098-00720-000 Revision D1 – February, 2018 SyncServer 600 Series User’s Guide 133
Chapter 4
Navigation Windows
Security - X.509 Install
Use this window to install on the SyncServer the Certificate or Certificate/Chain that
was generated using the CSR. See Figure 4-49 Installation can be done with
certificate/chain files in PEM or PKCS7 format. The PEM format is the most
common format that Certification Authorities issue certificates in. PEM certificates
usually have extentions such as .pem, .crt, .cer, and .key. They are Base64
encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END
CERTIFICATE-----" statements. Server certificates, intermediate certificates, and
private keys can all be put into the PEM format. Apache and other similar servers
use PEM format certificates. Several PEM certificates, and even the private key,
can be included in one file, one below the other, but most platforms, such as
Apache, expect the certificates and private key to be in separate files. The PKCS#7
or P7B format is usually stored in Base64 ASCII format and has a file extension of
.p7b or .p7c. P7B certificates contain "-----BEGIN PKCS7-----" and "-----END
PKCS7-----" statements. A P7B file only contains certificates and chain certificates,
not the private key. Several platforms support P7B files including Microsoft Windows
and Java Tomcat.
Depending on the CA signing setup, installation can be done in either one of the
following two ways:
1. A single certificate file, which includes the signed end user (SyncServer)
certificate and the certificate chain (intermediate CAs if any and root CA).
2. Two files, with the first one being the signed end user (SyncServer) certificate
and the second being the certificate chain.
The user can upload the signed certificate/chain files and then click the "Install"
button to install the certificate on the SyncServer.
The "View Certificate" section allows the user to view the certificate currently being
used in the system. The root/intermediate CA's certificate(s) are also installed in
client web browsers that will access the SyncServer. The browser being used needs
to be able to identify the Certification Authority as a known or trusted CA. This will
allow the browser to show the connection to the SyncServer as being secure
(https).
Note: If an HTTPS certificate was installed, the system will return to
using the self-signed HTTPS certificate after a configuration default.
To Next Page
Loading...
