If you need help when obtaining and loading a third-party certificate, consult your IT support. ICT Technical
Support cannot assist with this process.
Creating a Private Key and Certificate Signing Request
To begin, it is necessary to generate the private/public encryption key pair which will be the basis for the HTTPS
encryption. The public key will be integrated into a certificate signing request which will be submitted to the CA.
The following instructions will use the free OpenSSL utility. The latest version of OpenSSL for Windows can be
downloaded from this page.
1. Download and install the OpenSSL utility.
2. Navigate to the installation directory, open the bin folder, locate the openssl executable and run it as an
administrator. This will open the OpenSSL command prompt.
3.
To generate the key pair, enter the following command, replacing [name] with your desired filenames:
req -newkey rsa:2048 -keyout [name].key -out [name].csr
This generates a new 2048-bit private key (.key file) and certificate signing request (.csr file). The files should
appear in the current OpenSSL directory.
4. Enter a passphrase for the private key. This is a phrase used to encrypt the private key to protect it against
anyone with access to your local system. It will be required whenever the private key is used.
Note that passphrase characters will not be displayed in the console. Only alphanumeric characters are
supported for the passphrase.
5. Enter your location and identity information as requested. These details will be incorporated into your
certificate and publicly viewable from the web browser.
Ensure that the Common Name is the same as the Domain Name which is being used for the controller.
Some details are optional. Confirm with your CA which fields are required.
6. Save both files in a safe, known location, as both are required for the following steps. It is especially important
that the private key is not publicly accessible.
Purchasing a Certificate
Below are very basic instructions for purchasing a third-party certificate from a CA. Every CA will have different
processes and requirements - this is only intended to be a rough guide to what is required for implementation on a
controller.
1. Begin the process of generating a certificate from a recognized CA such as:
- GoDaddy: https://nz.godaddy.com/web-security/ssl-certificate
- Network Solutions: https://www.networksolutions.com/
- RapidSSL: https://www.rapidsslonline.com/
It is important that you select File-Based or HTTP-based Validation (or equivalent) when asked to choose an
authentication/validation method. You will require a .txt file to upload to the controller.
2. When prompted, upload the text of your Certificate Signing Request (.csr).
3. Follow the CA's instructions to complete the request. You should be prompted to download a .txt validation
file.
DO NOT change the name or contents of this file.
Authenticating the Certificate
The .txt file that you received in the previous steps must be uploaded to a known directory on your domain (in this
case, the controller) so that it can be viewed by the CA. This verifies that you are the owner of the domain in
question.
Protege WX Integrated System Controller | Configuration Guide 15
To Next Page
Loading...
Need help?
General
