# Domain and HTTPS configuration

This part of the configuration determines how your ExtensionsManager and products are accessed and secured.

**Domain Setup**

You can define a custom domain for both the **Extensions Manager** and your extensions.\
The domain controls how Tableau and other services connect to your environment.

* **Default:** `localhost`
* When entering a custom domain, **do not** include `http://` or `https://`.

✅ **Good Example:**

```
extensionsmanager.infotopics.com
```

❌ **Incorrect Example:**

```
https://extensionsmanager.infotopics.com/
```

**HTTPS Setup**

Using **HTTPS** enables secure communication between Tableau, the Extensions Manager, and your server.\
It is **required** when using a domain other than `localhost`.\
\
When enabling HTTPS, you can choose which TLS version the server should allow.

* The recommended setting is TLS 1.2 (this is the default). This version offers strong security and broad compatibility.
* You may choose TLS 1.3 as the minimum version for even stricter security (supported by modern clients).
* Lowering the TLS version below 1.2 is strongly discouraged and should only be done if you fully understand the risks, as older versions contain known vulnerabilities.
* If unsure, leave this setting at the default (TLS 1.2).

When enabling HTTPS, you must provide SSL certificate details:

* Either two separate files (`.crt` and `.key`), or
* One combined SSL file (e.g., `.pem`).

Once HTTPS is active:

* Connections will be encrypted and verified against the specified domain.

<figure><img src="https://1332216991-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FC3vMu9iMJLQjMzgUhEo0%2Fuploads%2FPe5CRGUUVsEKhxDPpgy2%2Fimage.png?alt=media&#x26;token=f58a5ce9-da08-476b-90e2-21beec60760e" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Be sure the key file is unencrypted.&#x20;
{% endhint %}

<details>

<summary>How to decrypt an encrypted private key</summary>

1. Open keyfile and check if it starts with -----BEGIN PRIVATE KEY-----&#x20;

If there is something above this line, delete it. (Same applies to certificates!)

2. Open your keyfile and check if it is encrypted. (Encrypted private keys start with -----BEGIN ENCRYPTED PRIVATE KEY-----) When it is encrypted, you need to decrypt it. You can do that via openssl (if installed on your machine) in your terminal using the following command:

`openssl rsa -in <encrypted_private.key> -out <decrypted_private.key>`

</details>