- Intended For:
- Customer IT/Admin
- Difficulty:
- Easy
- Prerequisite Skills:
- Familiarity with openssl
- Estimated Time to Complete:
- 10 minutes
- Applies to Software/Firmware Version(s):
- Enterprise 2.x and above
Objective
Needing to use a self-signed certificate for REDACTIVE Enterprise.
Procedure
Prerequisite: openssl installed
- Run CMD as an Administrator
- Start self-signed SSL generation:
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
- Answer the questions when prompted by openssl and make sure to use the fully qualified domain name of the REDACTIVE service when asked for "Common Name (e.g. server FQDN...)"
Example:
redactive.example.com
- Copy or move the generated domain.crt and domain.key files to a folder on the REDACTIVE server
- Login to REDACTIVE admin:
http://localhost:9000/admin
- Select the Network tab and check the Enabled box in the HTTPS section
- Enter the FQDN that will be used to access the REDACTIVE service in the top box (e.g. redactive.example.com), the port that will be used for SSL (9443 default), and the full paths to the domain.crt and domain.key files from step 3 above
- Press save and wait for the server to reload
You will still be on the non-SSL version of the site when it comes back online, so change the address and port to match what was entered in step 6 above
Examples:https://redactive.example.org:9443/admin
or
https://redactive.example.org/admin
if port 443 was chosen for HTTPS
If you want to change the port to 443, you can do this:
This will allow you to directly go to REDACTIVE instead of appending the port 9443 as shown in the URL below: - If using a self-signed certificate, the browser will display a warning; tell the browser to ignore the warning and proceed
The REDACTIVE server requires a non-encrypted key. If you used a passphrase when creating the key, you will need to decrypt it before applying it in REDACTIVE.
Example:
openssl rsa -in cert.key -out decryptedcert.key
source: WKB-000553