Wiki source code of Processor SSL Configuration
Last modified by Mark Kohlmann on 2025/04/17 19:26
=== Manually Signing Webserver SSL Certificate via file transfer/console ===

Certificates must be in PEM format with .cer extension. The following file names must be exact:

(% style="width:650px" %)
|=Function|=File Name
|Certificate Signing Request (CSR) [Generated by processor]|request.csr
|Root CA Certificate [From CA]|root_cert.cer
|Intermediate CA Certificate [From CA - if necessary]|intermediate_cert.cer
|Signed Device Certificate [Generated by CA]|srv_cert.cer

* Generate CSR
** Create the CSR:
##CREATECSR C:ST:L:O:OU:CN:E [-I:<option>] [-S:<altname>[,<altname>],...]
where C = 2 letter country code
where ST = Full state or province name
where L = Locality or city name
where O = Organization or company name
where OU = Organizational Unit name or division
where CN = site name or domain name
where E = Email address
where -I: Ignore blank parameters
<option> is 'true' or 'false'
where -S: Subject Alternative Name parameter(s)
<altname> is a type:value; the only valid type is 'DNS'
Values that contain spaces must be enclosed in quotes.
Example: createcsr US:California:"Mission Viejo":"Chief Integrations":IT:ci-din-ap4-1:admin@chiefintegrations.com -S:DNS:ci-din-ap4-1.internal.chiefintegrations.com##
** Make certificate accessible to SFTP and Toolbox:
##move /sys/request.csr /romdisk/user/cert/request.csr##
** Retrieve the CSR (request.csr):
*** Toolbox Directory: Internal Flash\romdisk\user\cert
*** SFTP Directory: cert
** Sign the CSR using a CA or have [[Chief Integrations>>doc:SHOWRUNNER™ User Guide & Wiki.SHOWRUNNER™ Appendix.CI Generated Certificates.WebHome]] sign it
*** Certificate should not include the signing chain, just the signed device certificate
*** File should be in PEM format
* Install Root Certificate for the CA
** If necessary: rename the certificate for the root CA to root_cert.cer
** Copy root_cert.cer to the processor:
*** Toolbox Directory: Internal Flash\romdisk\user\cert
*** SFTP Directory: cert
** From console enter: ##certificate add root##
* If necessary: Install Intermediate Certificate (intermediate_cert.cer)
** If necessary: rename the certificate for the intermediate CA to intermediate_cert.cer
** Copy intermediate_cert.cer to the processor:
*** Toolbox Directory: Internal Flash\romdisk\user\cert
*** SFTP Directory: cert
** From console enter: ##certificate add intermediate##
* Install signed device certificate from the CA
** If necessary: rename file from CA to srv_cert.cer
** Copy srv_cert.cer to the processor:
*** Toolbox Directory: Internal Flash\romdisk\user\cert
*** SFTP Directory: cert
** From console enter:
*** ##move /romdisk/user/cert/srv_cert.cer /sys/srv_cert.cer##
*** ##ssl ca##
* Reboot the processor
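
A pre-upload check for the files named in the table above, added here as an example and not part of the original wiki page or any vendor tooling: it confirms the exact file names, the PEM encoding, and that srv_cert.cer holds a single certificate without the signing chain. The function names and messages are illustrative; the check is structural only and does not verify signatures or match the certificate against request.csr.

```python
import base64
import re
from pathlib import Path

REQUIRED = ("root_cert.cer", "srv_cert.cer")   # exact names from the table above
OPTIONAL = ("intermediate_cert.cer",)          # only present when the CA uses one
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def pem_blocks(data):
    """Return [(label, der_bytes)] for every PEM block; [] when the file is not PEM."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return []  # e.g. a binary DER export saved with a .cer extension
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]


def der_is_whole(der):
    """True when der is one ASN.1 SEQUENCE whose length field covers the entire blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    return 0 < n <= len(der) - 2 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def lint_cert_dir(directory):
    """Return a list of problems in the files staged for upload (empty list = OK)."""
    present = {p.name: p for p in Path(directory).iterdir() if p.is_file()}
    problems = [f"{n}: missing (name must match exactly)" for n in REQUIRED if n not in present]
    for name in REQUIRED + OPTIONAL:
        if name not in present:
            continue
        try:
            blocks = pem_blocks(present[name].read_bytes())
        except ValueError:                 # binascii.Error subclasses ValueError
            problems.append(f"{name}: PEM body is not valid base64")
            continue
        certs = [der for label, der in blocks if label == "CERTIFICATE"]
        if not certs:
            problems.append(f"{name}: no PEM CERTIFICATE block (DER or wrong file?)")
        elif name == "srv_cert.cer" and len(certs) > 1:
            problems.append(f"{name}: {len(certs)} certificates; expected one, without the chain")
        elif not all(der_is_whole(c) for c in certs):
            problems.append(f"{name}: truncated or corrupted certificate data")
    return problems
```

Call ##lint_cert_dir## on the local folder holding the files before copying them to the processor's cert directory; an empty list means the structural checks passed.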