Integrate 3rd Party SSL Certificate
This article helps a HySecure administrator apply an external SSL certificate on the HySecure gateway. On a fresh installation, the HySecure gateway uses the internal Certificate Authority, but it is recommended that you use a recognized 3rd party CA like Verisign.
Before uploading an external SSL certificate, change the HySecure gateway state to configuration state.
There are two steps involved:
- Generate Certificate Signing Request (CSR) or take wild card certificate from customer.
- Upload Certificates in PEM format
Important
- If you have a wild card certificate, it can be uploaded directly. If a wild card certificate is not available, a CSR is required.
- The certificate must be in PEM format when it is uploaded.
Steps
Generate Certificate Signing Request (CSR)
Open the Management console and go to the External SSL Certificate screen under the RESOURCES section. The screen shows the option to generate a CSR.
Click the "Generate Certificate Signing Request (CSR)" link to open the CSR generation screen.
Each field is described in the table below.
Name | Description | Example |
---|---|---|
Country Name: | Country Name (2 letter code) | For India, it will be IN |
State or Province Name: | State or Province Name (full name) | Berkshire |
Locality Name: | Locality Name (e.g. City) | Newbury |
Organization Name: | Organization Name (company) | My Company Ltd |
Organization Unit Name: | Organization Unit Name | QA |
Common Name: | Common Name | Your name or your server's hostname |
Email Address: | Your email address | |
Key Length: | Length of the key generated | 2048 creates a key of length 2048 |
Submit | Click Submit to create the CSR. | |
Download Private Key & CSR
Once the details are submitted for CSR generation, the private key and Certificate Signing Request are generated. Download the Private Key and keep the file safe for later use. Do not share the private key with anyone, as it is confidential.
Download the Certificate Signing Request and submit it to your chosen Certificate Authority, say Verizon, to obtain the digital certificate from them.
Upload Certificates in PEM Format
Important
You need to change the HySecure server to Configuration State to perform this task. Downtime of approximately 30 minutes is required for the activity.
Once you receive your certificate from your CA (Certificate Authority), you can upload it to the HySecure Gateway. Alternatively, if a wild card certificate is available, that can be uploaded instead.
On the "External SSL Certificate" sub-menu of the "RESOURCES" section of the Management console, click the "Upload Certificates in PEM format" link. Copy the certificate you received in PEM format (it contains the public key). This is a compulsory field.
Copy the optional root certificate, if any. If you have an intermediate CA cert and any root CA cert, copy them into the textbox. The certificate of the intermediate CA should be on top, followed by its root CA cert.
Finally, copy the private key that was saved earlier if the verified CSR is used. If the customer's wild card certificate is used, copy the private key that is associated with the wild card certificate. This is a compulsory field. Click Submit.
You can copy and paste the certificate and private key contents using Notepad or Notepad++. While pasting the contents, ensure that there are no extra spaces at the end.
Note
Please make sure that all the certificates and the private key are valid, and that all the certificates are in PEM format. If you apply a wrong or incorrect private key, HySecure services may go down.
Also, please make sure a snapshot of each node is taken before starting this activity.
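A pre-upload check for the three fields described above, added here as an example (it is not HySecure code). It flags trailing spaces and malformed PEM blocks, then asks OpenSSL, through Python's standard `ssl` module, whether the certificate and private key load as a pair. The function names and field labels are hypothetical, and it assumes an unencrypted PEM private key and a workstation with Python 3.

```python
import base64, re, ssl, tempfile
from pathlib import Path

BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)
CERT = {"CERTIFICATE"}
KEY = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}  # assumption: unencrypted key

def lint_field(text, allowed, single):
    """Return the format problems in one pasted PEM field (empty list = clean)."""
    text, problems = text.replace("\r\n", "\n"), []
    if any(line != line.rstrip() for line in text.split("\n")):
        problems.append("trailing whitespace")
    blocks = BLOCK.findall(text)
    if not blocks:
        return problems + ["no complete PEM block"]
    if single and len(blocks) != 1:
        problems.append(f"expected 1 block, found {len(blocks)}")
    if BLOCK.sub("", text).strip():
        problems.append("text outside BEGIN/END markers")
    for label, body in blocks:
        if label not in allowed:
            problems.append(f"unexpected block type: {label}")
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label}: body is not valid base64")
    return problems

def key_matches_cert(cert_pem, key_pem):
    """True only if OpenSSL (through the ssl module) loads the two as a pair."""
    with tempfile.TemporaryDirectory() as d:  # owner-only directory, removed on exit
        cert_path, key_path = Path(d, "cert.pem"), Path(d, "key.pem")
        cert_path.write_text(cert_pem)
        key_path.write_text(key_pem)
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(str(cert_path), str(key_path))
            return True
        except OSError:  # ssl.SSLError (bad PEM, key mismatch) is an OSError
            return False

def preflight(cert, chain, key):
    """Return {field: [problems]} for the three upload fields; {} means ready."""
    report = {"certificate": lint_field(cert, CERT, True),
              "root/intermediate": lint_field(chain, CERT, False) if chain.strip() else [],
              "private key": lint_field(key, KEY, True)}
    report = {field: p for field, p in report.items() if p}
    if not report and not key_matches_cert(cert, key):
        report["pair"] = ["OpenSSL rejects this certificate/private key pair"]
    return report
```

Read the three PEM files as text and pass them to `preflight()`; an empty result means the format checks passed and the key belongs to the certificate. It does not check expiry or the order of the intermediate and root certificates.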