Skip to Content

Processor SSL Configuration

Last modified by Mark Kohlmann on 2025/04/17 19:26

Manually Signing Webserver SSL Certificate via file transfer/console

Certificates must be in PEM format with .cer extension.  The following file names must be exact:

FunctionFile Name
Certificate Signing Request (CSR) [Generated by processor]request.csr
Root CA Certificate [From CA]root_cert.cer
Intermediate CA Certificate [From CA - if necessary]intermediate_cert.cer
Signed Device Certificate [Generated by CA]srv_cert.cer
  • Generate CSR
    • Create the CSR: 
      CREATECSR C:ST:L:O:OU:CN:E [-I:<option>] [-S:<altname>[,<altname>],...]
              where C = 2 letter country code
              where ST = Full state or province name
              where L = Locality or city name
              where O = Organization or company name
              where OU= Organizational Unit name or division
              where CN = site name or domain name
              where E = Email address
              where -I: Ignore blank parameters
                <option> is 'true' or 'false'
              where -S: Subject Alternative Name parameter(s)
                <altname> is a type:value; the only valid type is 'DNS'
              Values that contain spaces must be enclosed in quotes.
      Example: createcsr US:California:"Mission Viejo":"Chief Integrations":IT:ci-din-ap4-1:admin@chiefintegrations.com -S:DNS:ci-din-ap4-1.internal.chiefintegrations.com
    • Make certificate accessible to SFTP and Toolbox:
      move /sys/request.csr /romdisk/user/cert/request.csr
    • Retrieve the CSR (request.csr):
      • Toolbox Directory: Internal Flash\romdisk\user\cert
      • SFTP Directory: cert
    • Sign the CSR using a CA or have Chief Integrations sign it
      • Certificate should not include the signing chain, just the signed device certificate
      • File should be in PEM format
  • Install Root Certificate for the CA
    • If necessary: rename the certificate for the root CA to root_cert.cer
    • Copy root_cert.cer to the processor:
      • Toolbox Directory: Internal Flash\romdisk\user\cert
      • SFTP Directory: cert
    • From console enter: certificate add root
  • If necessary: Install Intermediate Certificate (intermediate_cert.cer)
    • If necessary: rename the certificate for the intermediate CA to intermediate_cert.cer
    • Copy intermediate_cert.cer to the processor:
      • Toolbox Directory: Internal Flash\romdisk\user\cert
      • SFTP Directory: cert
    • From console enter: certificate add intermediate
  • Install signed device certificate from the CA
    • If necessary: rename file from CA to srv_cert.cer
    • Copy srv_cert.cer to the processor:
      • Toolbox Directory: Internal Flash\romdisk\user\cert
      • SFTP Directory: cert
    • From console enter:
      • move /romdisk/user/cert/srv_cert.cer /sys/srv_cert.cer
      • ssl ca
  • Reboot the processor