Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Create an X.509 Certificate

For creating the necessary certificates, you can use our portal or create certificates manually.

Create the certificate service request (csr)

Create a csr with our portal

We support you with generating an appropriate certificate under this URL: LINK

  1. Add your organization data in section 1

  2. Define your deployment scenario in section 2
    You must check the Keycloak and Camp option for every PoC

  3. Check the altnames in section 3.
    You may manually change them if you want different urls

  4. Generate an OpenSSL Config File or a CSR (“Certificate Signing Request”) in section 3.
    Your IT department will be able to generate a certificate using one of these two files. The Open SSL Config File allows to do manual changes if your IT department requires to do so.

    Alternatively, you can generate a CSR (“Certificate Signing Request”) based on your own OpenSSL config file in the upper right box on the same page.

Manually create csr

If you create the certificate manually, make sure they meet the following requirements.

  • Hostnames

    • The certificat must be issued on the hostnames

      • smartfacts.<domain-name>

      • camp.<domain-name>

      • identity.<domain-name>

      • genoslc.<domain-name>

      • oslc.<domain-name>

    • Hostnames must also be stored in the "Subject Alternative Name" (SAN) attribute of the certificate

    • All hostnames and subject alternative names must be written in lower case

Create the certificate

Ask your administration division for support in creating a certificate based on your csr. The Certificat must meet the following requirements:

  • It is an X.509 certificate which is suitable for server authentication

  • Base64-coded in PEM format

  • The certificat must be valid (valid from, valid to)

  • It is suitable for the provided private key

  • The private key may not be password protected

  • The certificate should comprise the complete certificate chain where possible

    If this is missing, then an attempt is made to download the missing intermediate and root certificate during installation.

As soon as you have a certificate, you can check it online under the URL: LINK
The tool will provide feedback if the certificate will work.

There is a way to get even more detailed feedback if you switch to the “Resources” tab under LINK.
Here you can download our CertTool and copy it onto the server on which Smartfacts will be running. The CertTool writes a detailed logfile that provides insights if your server and certificate are setup correctly

  • No labels