Skip to content

External SSL Certificate

Overview

Typically the HySecure Gateway uses a self signed certificate. Since the certificate is not signed by a well known trusted Certificate Authority, the client connecting to Gateway through the browser are likely to indicate a warning about the server being not being trusted. In order to avoid the scenario and make the connection from client to HySecure more secure, the administrator would want to use a certificate created and signed by a trusted CA.

Rather than use the internal Certificate Authority, you can generate a Certificate Signing Request to submit to a recognized 3rd party CA such as VeriSign.

  1. Generate Certificate Signing Request (CSR)

  2. Submit CSR to a recognized CA like Verisign to get a signed Digital Certificate in PEM format from them. Also get Root and intermediate CA certificates from them.

  3. Upload private key & Certificates The private key gets generated during CSR creation and all Certificates are recevied from the CA, in PEM format.

  4. Restart HySecure for the certificate to take effect

Generate Certificate Signing Request

Follow the following steps to generate a CSR

  1. Open the Management console and expand RESOURCES

  2. Select External SSL Certificate

  3. Click on the "Generate Certificate Signing Request (CSR)" on the page

  4. Enter the information provided. The various fields are explained below

Name Description
Country Name Country Name (2 letter code) - like for India, it will be \'IN\'
State or Province Name State or Province Name (full name) - like [Maharashtra]
Locality Name Locality Name (e.g. City) - [Pune]
Organization Name Organization Name (e.g., company) - [My Company Ltd]
Organization Unit Name Organization Unit Name (e.g. section) - [QA]
Common Name Common Name (e.g. your name or yours server\'s hostname)
Email Address Your email address
Key Length Length of the key to be generated. Larger the key, stronger will be the encryption but it will take more processing time. Select from one of the entries in the drop down list.

Click Submit to create the CSR or Reset to clear the values set up.

On submitting the details, the following page will get displayed from which the Private Key and the Certificate Signing Request can be downloaded.

  1. Download the Private Key and keep the file safe for later use.

  2. Download the Certificate Signing Request and submit this to your chosen Certificate Authority in order to retrieve the digital certificate and the root and intermediate CA certificates from them.

Upload Private Key And Certificates

Once the certificates are received from the CA, upload them by following the steps indicated below:

  1. Go to "External SSL Certificate" page

  2. Click on the link "Upload Certificates In PEM Format"

    Important

    You need to change the HySecure server to Configuration State to perform this task.

  3. Copy the Certificate you received in .PEM format (It contains the public key) and paste it in the first block

  4. Copy the Root Certificate and intermediate certificates, if any, in the second box.

    Warning

    The certificate of intermediate CA should be on top followed by its root CA cert.

  5. Finally Copy the Private Key that was created during creation of CSR and saved earlier and copy it into the third box.

  6. Click Submit.

Restart HySecure

  1. Once the certificates are successfully applied, restart the Gateway.

  2. To restart Gateway, expand HOST MAINTENANCE and go to Shutdown/Restart and choose Restart the HySecure Gateway.