SXI Forum

A place to collect usefull tips, tricks and implementation strategies.

You are not logged in.

Pages: 1

#1 01-06-2021 19:50:04

SeanR
Administrator
Registered: 20-11-2018
Posts: 148

CA signed Certificate for XLayer server

These steps will outline how to initially request a new certificate from GoDaddy on a windows server.  This will not replace the certificate if a client already has a procedure to obtain certs for us, this is only if we are purchasing the cert ourselves.

If this is the first time you are adding a certificate to the server you will need to provide GoDaddy with a CSR (Certificate Signing Request).  you will need to generate this CSR before requesting the certificate from GoDaddy.

Requirements
KeyStore Explorer

Steps

  1. Open KeyStore Explorer and "Create a new Keystore"

  2. In the "New KeyStore Type" dialog box that pops up select PKCS #12

  3. Select Tools -> Generate Key Pair from the menu or press Ctrl + G

  4. In the "Generate Key Pair" dialog box that pops up select RSA with a key size of 2048 and click OK

  5. A new dialog box will popup and you can leave most of those values default (This will be valid for 1 year)

  6. You need to provide additional details for the certificate before clicking OK.  Just above the "Add Extensions" button there is an Icon that looks like a filofax with an "@" sign on it.  Click That.

  7. Populate the fields with valid responses (Replace the values in between <>test:

    • Common Name(CN): <server.name.domain.com>

    • Organization Unit(OU): <Company Name>

    • Organization Name(O): <Company Name>

    • Locality Name(L): <Johannesburg>

    • State Name(ST): <Gauteng>

    • Country(C): <ZA>

  8. Click Ok. You will notice that in the "Name" field your values have been populated.

  9. After verifying your values Click Ok

  10. A "New Key Pair Entry Alias" dialog box will appear. Enter an appropriate alias and Click Ok

  11. Enter and Confirm a new password in the "New Key Pair Entry Password" and click Ok

  12. After everything has been validated you will get confirmation that the Key Pair Generation was Successful


Generate CSR

  1. Right-Click on the alias you created and select Generate CSR

  2. In the Generate CSR dialog box youcan select the location of the CSR file and click Ok


Request the New Certificate

  1. On the GoDaddy website follow the prompts to create a new certificate.

  2. When you get to the step to provide a CSR copy the contents of the file you created and past it into the space provided on the GoDaddy website.

  3. You will get an Email when the certificate has been generated.  Go to the relevant page a download the certificate (Server = "Other")  A zip file will be downloaded which contains 3 files:

    • <randomNumber>.crt

    • <randomNumber>.pem

    • gd_bundle-g2-g1.crt

  4. When you have this file Right-Click on the Alias you created in the key store

  5. On the dropdown menu click on "Import CA Reply -> From File"

  6. Select the <randomNumber>.crt file and click Import

  7. You can Expect a "CA Reply Import Successful" message

  8. You can now save this file as <some name>.p12

Once you have saved this file you will be able to point to it from the XLayer Servers API calls.  Here is an example.

#===============================================================================
# Enable SSL operation
#===============================================================================
server.ssl.enabled=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:<some name>.p12
server.ssl.key-store-password=<password used at "New Key Pair Entry Password">
server.ssl.key-alias=<alias used in Key Pair generation>

Offline

Pages: 1

Board footer

Powered by FluxBB