Insecure Configuration Detected

Description

Storing the SSL certificate and private key in the webroot will result in an error message from the Alpha Anywhere Application Server.

Discussion

When configuring SSL for your web application, the SSL certificate, chain file, and private key must be stored in a secure location. Placing these files in the webroot makes them accessible to anyone. If the Alpha Anywhere Application Server detects these files in the webroot, it will refuse to run and issue an error message similar to the one below.

The server cannot be started because of an insecure configuration. The SSL certificate, chain file, and 
private key are sensitive files and must not be located within the webroot. These must be moved to a 
directory that is not web-accessible before the server will run.
Insecure configuration detected. Remove SSL certificate, chain file, and private key from the webroot.

To resolve this error, move the files outside of the webroot directory to a secure location.