This recipe covers the security of the server, database, and the communication of the user's browser and e-mail communication through SSL so that no data goes unencrypted from and to a Redmine system.
Make sure that you have server administration privileges. Prepare self-generated or obtain proper and valid SSL certificates for your server (Apache, IIS). To generate a free, but valid, certificate and install it, follow the guidelines in the Enhancing security recipe of Chapter 10, Making the Most of Redmine.
To ensure maximal security of your Redmine box, follow these steps:
Make sure that the web server running your Redmine is running as a separate user or group from other web presentations.
Make sure that the server is properly updated and the root password is used only by server administrators.
Change root and user's administering passwords every few months.
Don't use the same password for database and server's user.
Configure Redmine to communicate...