4. Click Save, then restart the controller using the button on the top right to implement the new settings.
The controller will restart, but the web page will not automatically refresh once the restart process is
complete.
5. Browse to the controller web page by adding the prefix https:// to the beginning of the IP address or URL.
A lock or similar icon in the browser toolbar should indicate that the connection is secure. Click on this icon to see
details about the certificate, including the information you entered in the certificate signing request.
Self-Signed Certificate
Self-signed certificates do not need to be validated by a certificate authority, and do not require the controller
to be accessible over the internet. They can also be created for free. However, self-signed certificates are not
considered secure by web browsers, which will generate warnings whenever the web interface is accessed. This
method is fine for testing and development but is not recommended for live sites.
Requirements for Self-Signed Certificates
⦁ There is no requirement for the controller to be externally accessible.
⦁ The operator must manually renew the certificate whenever it expires.
Generating a Self-Signed Certificate with OpenSSL
The following instructions will use the free OpenSSL utility. The latest version of OpenSSL for Windows can be
downloaded from this page.
1. Download and install the OpenSSL utility.
2. Navigate to the installation directory, open the bin folder, locate the openssl executable and run it as an
administrator. This will open the OpenSSL command prompt.
3. To generate your certificate, enter the following command:
req -new -newkey rsa:2048 -x509 -sha256 -subj "/C=[Country code]/CN=[Common name]" -days 365 -out [name].crt -keyout [name].key
- Replace [name] with your desired filenames.
- The country code is optional, but recommended best practice. You can find your country code here.
- The common name is typically in the form [hostname].[domain name]. For a self-signed certificate this
does not need to be an externally accessible hostname. For example, you could use secure.controller.com.
This generates a new certificate (.crt) and private key (.key) pair with a 2048-bit RSA key. The certificate
will expire after 365 days. The files should appear in the current OpenSSL directory.
4. Enter a passphrase for the private key. This is a phrase used to encrypt the private key to protect it against
anyone with access to your local system. It will be required whenever the private key is used.
Note that passphrase characters will not be displayed in the console. Only alphanumeric characters are
supported for the passphrase.
5. Enter your location and identity information as requested. These details will be incorporated into your
certificate and publicly viewable from the web browser.
Ensure that the Common Name is the same as the Domain Name which is being used for the controller, if any.
6. To export your certificate, enter the following command, replacing [name] with your desired filename:
pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -out [name].pfx -inkey [name].key -in [name].crt
7. Enter the passphrase assigned above when prompted.
8. Create an export password when prompted. This will be required when installing the certificate on the
controller.
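One way to check the files produced in step 3 before exporting and installing them, as an added example that is not part of the original guide: it confirms the Common Name, warns ahead of the manual renewal date, and verifies that the private key belongs to the certificate. The function name check_cert, its return codes and the KEY_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): sanity checks for the .crt/.key pair
# produced in step 3, run from a normal shell rather than the OpenSSL prompt.
# Assumption: the private key passphrase is supplied in the KEY_PASS
# environment variable; check_cert and its return codes are hypothetical.
#
# Usage: check_cert CERT KEY EXPECTED_CN [WARN_DAYS]

check_cert() {
    cert=$1 key=$2 want_cn=$3 warn_days=${4:-30}

    # 1. The Common Name must equal the host name used for the controller.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
              sed 's/^subject= *//')
    [ -n "$subject" ] || return 2
    case ",$subject," in
        *",CN=$want_cn,"*) ;;
        *) echo "CN mismatch: $subject" >&2; return 3 ;;
    esac

    # 2. Renewal is manual, so flag certificates that expire within WARN_DAYS.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null; then
        echo "expires within $warn_days days:" \
             "$(openssl x509 -in "$cert" -noout -enddate)" >&2
        return 4
    fi

    # 3. The key must belong to this certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout -passin env:KEY_PASS) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 5
    fi

    echo "OK: $subject"
}

# Run the checks when the script is called with arguments.
if [ $# -ge 3 ]; then check_cert "$@"; fi
```

A return code of 0 means all three checks passed; 3, 4 and 5 identify the Common Name, expiry and key-match checks respectively.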
Protege WX Integrated System Controller | Configuration Guide 17