1. Access the controller's web interface by typing its IP address into the address bar of a web browser, then log
in with your username and password.
2. Navigate to the System Settings.
3. In the General tab, select the Use HTTPS checkbox (if not already enabled).
4. Enter an appropriate HTTPS Port. The default is port 443, which is commonly used for this purpose. You
should retain the default port unless you are required to use another port by your system administrator.
5. Click Load Validation File and browse to the .txt validation file to load it onto the controller.
6. Open the Adaptor - Onboard Ethernet tab. Enter the controller's domain name in the Controller Hostname
field.
7. Confirm that the file is publicly accessible by using another machine to navigate to
[domainname]/.wellknown/pki-validation/[filename].txt. You should be able to view the content of your
validation file.
Once the CA has verified that your domain is accessible, you will be sent the signed certificate. Wait times can vary
between providers, but will typically take from one hour to several hours.
Converting the Certificate Format
The controller requires a file with the .pfx extension. Your CA may have provided a different file type, potentially
several files such as a certificate (e.g. .cer, .crt or .pem) and an intermediate certificate. These must be combined
with the private key generated with your certificate request to create a .pfx file. The following instructions will use
the OpenSSL utility installed above.
1. Navigate to the installation directory, open the bin folder, locate the openssl executable and run it as an
administrator. This will open the OpenSSL command prompt.
2.
Export your certificate as a .pfx file using the following command, replacing [name] with your filenames:
pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -out
[name].pfx -inkey [name].key -in [name].[cer/crt/pem]
Replace [cer/crt/pem] with the extension on your certificate file as required.
Note: If you have been provided with an intermediate certificate you must include intermediate certificates by
appending to the end of the command: -certfile [intermediatename].[cer/crt/pem] as shown
below.
pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -out
[name].pfx -inkey [name].key -in [name].[cer/crt/pem] -certfile
[intermediatename].[cer/crt/pem]
Android devices will fail to connect if intermediate certificates are not included in the certificate loaded onto
the device.
3. Enter the passphrase for the private key (set above) to continue.
Note that passphrase characters will not be displayed in the console.
4. Enter an export password when requested. This will be required when installing the certificate on the
controller.
5. This process will generate a [name].pfx file in the current OpenSSL directory. This is your third-party
certificate. Store this file in a safe, known location.
Installing the Certificate on the Controller
1. Log in to the controller's web interface and navigate to the System Settings.
2. Scroll to the Certificate File section. Click Install Certificate and browse to the .pfx certificate file to install it on
the controller.
3. Enter the export password that you created when generating the certificate file.
Protege WX Integrated System Controller | Configuration Guide 16
To Next Page
Loading...
Need help?
General
