Skip to Content

CI Generated Certificates

Last modified by Alexander Mott on 2026/01/09 18:15

Chief Integrations can sign certificates for customers to deploy on their processors.  The CI generated certificate will be good until the end of 2040.  This is an alternative to having the customer sign certificates with their own internal infrastructure.

Certificate TypeDownload
Root/Intermediate ChainRoot-Intermediate Chain
RootRoot Cert
IntermediateIntermediate Cert

For Processors (3-series greater than 1.8001.4701.23085 or later / 4-series greater than v2.6000):

  • Load the root and intermediate cert to their respective stores (Toolbox->Functions->Security Certificates)
    • Select Root Tab
      • Download Root Cert
      • Add Root Certificate and select the downloaded file
    • Select Intermediate Tab
      • Download Intermediate Cert
      • Add Intermediate Certificate and select the downloaded file
  • Generate Certificate Signing Request (Toolbox->Functions->SSL Management->Play button)
    • If Toolbox's SSL Management gives an error, try generating the request through Text Console "createcsr" command
      • Execute "createcsr ?" first to get all parameter values, and execute your command, e.g.: createcsr US:California:"Mission Viejo":"Chief Integrations":"Suport":100.64.0.1:support@chiefintegrations.com
      • Use File Manager or a separate SFTP program to extract the generated request.csr from the location indicated in the Text Console (typically "Internal Flash\sys\request.csr")
  • Send the following to Chief Integrations:
    • CSR (Certificate Signing Request) file
    • FQDN (Fully qualified domain name) of the processor
      • For isolated Control Subnets, running "doma" command on the processor will give the FQDN (typically "[hostname].crestron")
      • Use Windows Terminal and run "ping  [FQDN]" to verify the FQDN is correct, e.g. 
    • IP Address of the processor
      • For isolated Control Subnets, this should be the IP on the CS, e.g. 100.64.0.1 or 172.22.0.1
  • Chief Integrations will send back the signed certificate
  • Load the signed certificate (Toolbox->Functions->SSL Management->Play button->Upload Signed Certificate)
  • Load the Root-Intermediate chain (Toolbox->Functions->SSL Management->Play button->Upload Root Certificate)
  • Select CA Signed (Toolbox->Functions->SSL Management)
  • Password boxes should be empty (Toolbox->Functions->SSL Management)
  • Hit Ok, processor will reboot

For Touchpanels:

  • Load the root and intermediate cert to their respective stores (Toolbox->Functions->Security Certificates)
    • Select Root Tab
      • Download Root Cert
      • Add Root Certificate and select the downloaded file
    • Select Intemediate Tab
      • Download Intermediate Cert
      • Add Intermediate Certificate and select the downloaded file