This article will walk you through the steps of generating your CSR, compiling your p12 and importing your CA cert into SafeConsole.



CREATING A CA.CRT

 

GENERATING A PRIVATE KEY

 

1. Download the OpenSSL binary for Windows at the URL below and install OpenSSL at the default location on a computer running Microsoft Windows 7 64 bit, Server 2003, Server 2008, or Server 2012. 

 

http://downloads.sourceforge.net/gnuwin32/openssl-0.9.8h-1-setup.exe 

 

2. Generate 2048-bit RSA key pair using the CLI command: 

 

Windows 7, Server 2008, Server 2012: "c:\program files (x86)\gnuwin32\bin\openssl" genrsa -f4 -out private.key 2048 

 

3. Start generation of the CSR (Certificate Signing Request) using this CLI command:

 

Windows 7, Server 2008, Server 2012: "c:\program files (x86)\gnuwin32\bin\openssl" req -config "c:\program files (x86)\ gnuwin32\share\openssl.cnf" -new -nodes -key private.key -out ca.csr 

 

Follow the CLI prompts and enter the information as requested. 

 

IMPORTANT: You must use the sitename, as the SSL Certificate’s Common Name. You should enter the Organization Name (your company name). Your Certificate Authority provider may require you to enter information in other fields to process the CSR. 

 

4. Send the ca.csr file to an your certificate authority. 




Compiling your P12


1. Conncatenate your SSL bundle including all intermediate certs


2. Unless OpenSSL is in your Path, you will need to move your cert chain, your public cert, and your key to the OpenSSL installation location.


3. Open Command Line and run the command: "c:\program files (x86)\gnuwin32\bin\openssl" pkcs12 -export -out client.p12 -inkey yourkey.key -in yourrootcert.crt -chain -CAfile sslbundle.crt




Uploading your CA p12


  1. Backup your SafeConsole server


  1. Stop the service using the CLI command: net stop safeconsole


  1. Run the SafeConsole configurator


  1. On step 5, select import SSL


  1. Select your CA p12 file and start your SafeConsole server.