Steps to Create a Security Certificate.

Started by Peter Goulette, September 05, 2019, 03:28:20 PM


Peter Goulette

WSS requires that the browser has a root certificate of authority (CA) to communicate securely with another (server) process which uses a server-side certificate compatible with the CA. The following is an example of how to create the certificates using OpenSSL.

NOTE: Apple's Safari is moving to a 398 day certificate expiration policy effective September 1, 2020. Any 2 year certificates created before August 31st will still work until their issued expiration date.

OpenSSL Windows Example:
OpenSSLBatchScript.zip->createWindowsCertificate.bat
Be sure to set the path to the openssl.cnf within the createWindowsCertificate.bat file before running. An example can be found commented in the createWindowsCertificate.bat.

Windows OpenSSL binaries:
https://wiki.openssl.org/index.php/Binaries

OpenSSL OSX Example:
OpenSSLBatchScript.zip->createfilesMac.sh
OpenSSL is installed on Mac by default

Ranger Remote certificate setup

CemOnder

#1
To clarify/simplify and merge the instructions above for workstations using Windows:

To simplify the instructions in both the .bat file and the sbulletsupport topics:

1. Download OpenSSL

The following link should have what you need. You need to select 
==> https://slproweb.com/products/Win32OpenSSL.html

Assuming you are on a 64-bit machine, the option "Windows64 OpenSSL v3.0.0" in the list should be what you download (https://slproweb.com/download/Win64OpenSSL-3_0_0.exe)

2. Once you download, please follow the instructions and install the binaries on your machine.

3. Once everything is installed, create a new directory at a convenient place. Copy and paste the following files from the following locations into this newly created directory:

==> From the OpenSSLCreateCertMacWin folder that you downloaded and extracted from the sbulletsupport website
- CreateWindowsCertificate.bat
- v3.ext

==> From the C:\Program Files\OpenSSL-Win64\bin (unless you installed OpenSSL at a different location)
- openSSL.exe


4. If you do have an existing configuration file for creating OpenSSL certificates, please provide access to that in the .bat file (right click and edit the .bat file and set the OPENSSLCONFIG= option to point to the right location)

If you DO NOT HAVE one, the batch file will create one for you during execution (Command Prompt). Edit/Delete the OPENSSLCONFIG= option off the .bat file.

Per comments in the .bat file:

==> Common Name (CN) specified in this step should be 127.0.0.1, or the CN must match the wss address used by the app.
Example:
Country Name: US
State: Florida
Locality: Pensacola
Organization: Example Company
Unit Name: EC
Common Name: 127.0.0.1
Email: support@examplecompany.com

==> you can just press enter and skip for "extra" attributes


5. Double check to make sure you have all 3 files needed in the same directory (createWindowsCertificate.bat, v3.ext, openssl.exe), then run the .bat file in Command Prompt (createWindowsCertificate.bat) and follow/fill out the attributes.

All necessary certificates will be created.

Once created, all you need to do is make sure the certificate files are in the same directory as the Ranger Remote installer, and during Ranger Remote installation choose the wss install option.
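
The steps in this thread (root CA, server certificate for 127.0.0.1, v3.ext, the 398-day limit) as an added POSIX shell example; it is not the content of createWindowsCertificate.bat or createfilesMac.sh. The file names, subject fields and v3.ext contents are assumptions, and it expects an `openssl` binary with its default configuration on the PATH.

```shell
#!/bin/sh
# Added example: local root CA + server certificate for a wss:// endpoint.
# File names, subjects and extension values are assumptions for illustration.

make_wss_certs() {   # usage: make_wss_certs <outdir> <ip> [days]
    out=$1; ip=$2; days=${3:-398}
    mkdir -p "$out" || return 1
    # 1. Root CA key + self-signed certificate. Only rootCA.pem is imported
    #    into the browser/OS trust store; rootCA.key must stay private.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/C=US/ST=Florida/L=Pensacola/O=Example Company/CN=Example Local Root CA" \
        -keyout "$out/rootCA.key" -out "$out/rootCA.pem" 2>/dev/null || return 1
    # 2. Server key + CSR; the CN is the address used in the wss:// URL.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/C=US/ST=Florida/L=Pensacola/O=Example Company/OU=EC/CN=$ip" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    # 3. v3 extensions. Current browsers match the address against
    #    subjectAltName rather than the CN, so the IP is listed here too.
    cat > "$out/v3.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF
    # 4. Sign the CSR with the root CA, applying the extensions above.
    openssl x509 -req -sha256 -days "$days" -in "$out/server.csr" \
        -CA "$out/rootCA.pem" -CAkey "$out/rootCA.key" -CAcreateserial \
        -extfile "$out/v3.ext" -out "$out/server.crt" 2>/dev/null || return 1
    # Keys are written unencrypted (-nodes), so restrict file permissions.
    chmod 600 "$out/rootCA.key" "$out/server.key"
}

check_wss_certs() {  # usage: check_wss_certs <outdir> <ip> [max_days]
    out=$1; ip=$2; max=${3:-398}
    # The server certificate must chain to the root CA.
    openssl verify -CAfile "$out/rootCA.pem" "$out/server.crt" >/dev/null 2>&1 || return 1
    # It must be valid for the IP address the client connects to.
    openssl x509 -in "$out/server.crt" -noout -checkip "$ip" 2>/dev/null \
        | grep -q "does match" || return 1
    # It must already be expired max_days+1 from now (lifetime within the cap).
    ! openssl x509 -in "$out/server.crt" -noout \
        -checkend $(( (max + 1) * 86400 )) >/dev/null 2>&1
}
```

Running `make_wss_certs ./certs 127.0.0.1 && check_wss_certs ./certs 127.0.0.1` leaves rootCA.pem, server.crt and server.key in ./certs and returns non-zero if the chain, address or lifetime check fails.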