Versions Compared

Version Old Version 3 New Version 4
Changes made by

Thomas Erdösi

Thomas Erdösi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Connect Server Allgemein

How do I create a server certificate for using HTTPS?

The procedure depends heavily on the infrastructure used. In general, the procedure is as follows:

  1. Generate the private key for the server

  2. Create a certificate request for the server

  3. Submit the certificate request for signing by a trusted certification authority

  4. Create the .pfx file

An example of this process using OpenSSL:

First create a configuration file with the desired certificate contents and save it as "cert.cnf". The content could look like this:

Code Block
[req]
prompt             = no
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[req_distinguished_name]
countryName            = DE
stateOrProvinceName    = Bavaria
localityName           = Munich
organizationName       = Galileo Group AG
organizationalUnitName = IT
commonName             = Connect Server
emailAddress           = info@galileo-group.de

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1 = webserver1.galileo-group.de
DNS.2 = webserver2.galileo-group.de
DNS.3 = webserver3.galileo-group.de

Now generate a new private key and the certificate request with the following command:

openssl req -newkey rsa:2048 -nodes -keyout private.key -out certreq.csr -config cert.cnf

A new private key is generated and stored in the "private.key" file. In addition, the certificate request is generated and stored in the file "certreq.csr". You now have to send the contents of this file to the certification authority for signing. From there you will receive a file with the signed certificate, which we call "cert_base64.cer" in this example.

Now, generate an X509 certificate which contains all the information required by the server using this file and the private key. Use the following command for this:

openssl pkcs12 -export -in cert_base64.cer -inkey private.key -out cert.pfx

When executed, you will be asked to set the password for the private key. The "cert.pfx" file is then created. You can use this file and the corresponding password to configure the Connect Server for HTTPS. For more information, see the chapter Configuration.

Connect Server on Linux

Which Linux distributions are supported?

...