Certificate
HTTPS communication uses its own versiondog certificate: server.pm. Some browsers recognise this certificate as not trusted and display a warning. You have the following options to continue with the opening:
- Such warnings can simply be ignored in most cases (Refer to link at the end of the page) If you decided to do this, ensure that the warning will always be bypassed every time.
- The certificate can be deemed to be trustworthy. This is of particular advantage for test purposes. This step is to be done for every device manually. This is therefore different for every device. Please keep in mind the security risks that this act can entail.
- The versiondog certificate can be replaced by your own certificate. This is the costliest and securest option.
The versiondog certificate can be found in the installation folder of the server under the path ...\Resources\cert.
Requirements for own certificates
A certificate signing request (CSR) will be required. You can obtain the necessary information from the respective certification authority. Thereupon you will receive the certificate.
We ourselves neither issue nor countersign such certification.
Certificates have to be provided in PEM format. To check whether a certificate is available in this format, open the file in a text editor (for example, Notepad) The file needs to contain the following rows:
-----BEGIN CERTIFICATE----- [A few signs] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [ Many signs] -----END RSA PRIVATE KEY----- |
The number of hyphens has a meaning. This is therefore not allowed to be changed.
The certificate in PEM format can also consist of two files, a file with BEGIN CERTIFICATE and END CERTIFICATE and two files with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY.
In the case that the BEGIN CERTIFICATE as well as BEGIN RSA PRIVATE KEY rows are present in the document, it consists of a combination of certificate and key in a file. The respective values of the INI file have to be refered to in this file. Refer to Example configuration in making changes in the file Config.ini
Making changes in the file Config.ini
To use another certificate, you need to modify the Config.ini file. Your Config.ini file needs to include the path to the certificate, the private key and the corresponding dh2236.pem-file. (In the case of file dh2236.pem, it concerns a Diffie-Hellmann Parameter,which is used in cryptography.)
You can find the Config.ini file in your server archive under the path ...\VD$A\WebServer.
|
After replacing the certificate, the web server needs to be deactivated then reactivated.