Steps to Create a Security Certificate.

Started by Peter Goulette, September 05, 2019, 03:28:20 PM

Previous topic - Next topic

Peter Goulette

WSS requires that the browser has a root certificate of authority (CA) to communicate securely to another (server) process which uses a server side certificate compatible with the CA. The following is an example on how to create the certificates using OpenSSL.

NOTE: Apple's Safari is moving to a 398 day certificate expiration policy effective September 1, 2020. Any 2 year certificates created before August 31st will still work until their issued expiration date.

OpenSSL Windows Example:>createWindowsCertificate.bat
Ensure to set the path to the openssl.cnf within the createWindowsCertificate.bat file before running. An example can be found commented in the createWindowsCertificate.bat.

Windows Open SSL binaries:

OpenSSL OSX Example:>
OpenSSL is installed on Mac by default

Ranger Remote certificate setup


To clarify/simplify and merge the instructions above for workstations using Windows:

To simplify the instructions in both the .bat file and the sbulletsupport topics:

1. Download OpenSSL

The following link should have what you need. You need to select 

Assuming you are on a 64bit machine, the option "Windows64 OpenSSL v3.0.0" in the list, should be what you download (

2. Once you download, please follow the instructions and install the binaries on your machine.

3. Once everything is installed, create a new directory at a convenient place. Copy and paste the following files from following locations into this newly created directory:

==> From the OpenSSLCreateCertMacWin folder that you downloaded and extracted from sbulletsupport website
- CreateWindowsCertificate.bat

==> From the C:\Program Files\OpenSSL-Win64\bin (unless you installed the open SSL at a different location)


4. If you do have an existing configuration file for creating OpenSSL certificates, pls provide access to that in the .bat file (right click and edit the .bat file and set the OPENSSLCONFIG= option to point to the right location)

If you DO NOT HAVE one, the batch file will create one for you during execution (Command Prompt). Edit/Delete the OPENSSLCONFIG= option off the .bat file.

Per comments in the .bat file:

==> Common Name (CN) specified in this step should be, or the CN must match the wss address used by the app.
Country Name: US
State: Florida
Locality: Pensacola
Organization: Example Company
Unit Name: EC
Common Name:

==> you can just press enter and skip for "extra" attributes

5. Double check to make sure you have all 3 files needed in the same directory (createWindowsCertificate.bat,v3.ext,openssl.exe) and run the .bat file in command prompt like (createWindowsCertificate.bat) and follow/fillout the attributes.

All necessary certificates will be created.

Once created, all you need to do is to make sure the certificates files are in the same directory as the Ranger Remote installer, and during Ranger Remote installation you choose the wss install option.