Use of certificates for TLS communication

When setting up a Cegal Hub Server for remote connections you might decide to configure the Hub Server with TLS. In this case you need to have a TLS certificate to enable communication between the Hub Connector and Client applications, and the Hub Server. You can purchase or use a free service to issue a TLS certificate from an official certificate authority or you can create a self-signed certificate and add it to your Trusted Root Certification Authorities.

TLS certificates for the Cegal Hub Petrel plug-in

The Cegal Hub binary supports the use of self-signed certificates. However, as Petrel is using an old version of the .Net framework the Cegal Hub Petrel plug-in is limited to use of GRPC.Core and cannot read self-signed certificates from the Trusted Root Certification Authorities. Therefore it is recommended to use an official certificate authority to issue your certificate. If you decide to use a self-signed certificate a work-around to this problem, is to do a Base-64 encoded export of the certificate from the Trusted Root Certification Authorities, give it a .pem file-ending, rename it to the DNS name of the machine the Cegal Hub Server is running on and copy the file into the Cegal Hub Petrel plug-in installation folder. This is usually “C:\Program Files\Schlumberger\Petrel 2022\Extensions\Cegal Hub_1.0”. The certificate file should then look something like this: “thehubserver.yourcompany.com.pem”.