This article will walk you through the steps of generating your CSR, compiling your p12 and importing your CA cert into SafeConsole.
CREATING A CA.CRT
GENERATING A PRIVATE KEY
1. Download the OpenSSL binary for Windows at the URL below and install OpenSSL at the default location on a computer running Microsoft Windows 7 64 bit, Server 2003, Server 2008, or Server 2012.
https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
2. Generate 2048-bit RSA key pair and the CSR (Certificate Signing Request) using the CLI command in OpenSSL:
(Optional BETA feature: 128-bit ECC key pair is supported for SafeConsole 5.5.+)
Windows 7, Server 2008, Server 2012: req -config "c:\program files (x86)\gnuwin32\share\openssl.cnf" -new -newkey rsa:2048 -nodes -keyout private.key -out ca.csr
(if for any reason you receive an error, please check for spaces, especially before "gnuwin32")
Follow the CLI prompts and enter the information as requested.
IMPORTANT: You must use the sitename, as the SSL Certificate’s Common Name. You should enter the Organization Name (your company name). Your Certificate Authority provider may require you to enter information in other fields to process the CSR.
3. Send the ca.csr file to your certificate authority.
Compiling your P12
1. Concatenate your SSL bundle including all intermediate certs
2. Unless OpenSSL is in your Path, you will need to move your cert chain, your public cert, and your key to the OpenSSL installation location.
3. Open Command Line and run the command: "c:\program files (x86)\gnuwin32\bin\openssl" pkcs12 -export -out client.p12 -inkey yourkey.key -in yourpublicsslcert.crt -chain -CAfile sslbundle.crt
Uploading your CA p12
Backup your SafeConsole server
Stop the service using the CLI command: net stop safeconsole
Run the SafeConsole configurator
On step 5, select import SSL
Select your CA p12 file and start your SafeConsole server.