Create an X.509 Certificate
For creating the necessary certificates, you can use our portal or create certificates manually.
It is important that the used server certificates have the issuer set. This can be a public or private CA. Certificates that do not have an issuer will not work!
Create the Certificate Signing Request (CSR)
Create a csr with our portal
We support you with generating an appropriate certificate under this URL: LINK
Add your organization data in section 1
Define your deployment scenario in section 2
You must check the Keycloak and Camp option for every PoCCheck the altnames in section 3.
You may manually change them if you want different urlsGenerate an OpenSSL Config File or a CSR (“Certificate Signing Request”) in section 3.
Your IT department will be able to generate a certificate using one of these two files. The Open SSL Config File allows to do manual changes if your IT department requires to do so.Alternatively, you can generate a CSR (“Certificate Signing Request”) based on your own OpenSSL config file in the upper right box on the same page.
Manually create csr
If you create the certificate manually, make sure they meet the following requirements.
Hostnames
The certificat must be issued on the hostnames
smartfacts.<domain-name>
identity.<domain-name>
genoslc.<domain-name>
Hostnames must also be stored in the "Subject Alternative Name" (SAN) attribute of the certificate
All hostnames and subject alternative names must be written in lower case
Create the certificate
Ask your administration division for support in creating a certificate based on your csr. The Certificat must meet the following requirements:
It must be a X.509 certificate suitable for server authentication
It must be Base64-coded in PEM format
The certificat must be valid (valid from, valid to)
It must be suitable for the provided private key
The private key should not be password protected
The certificate should comprise the complete certificate chain where possible
If this is missing, then an attempt is made to download the missing intermediate and root certificate during installation.
As soon as you have a certificate, you can check it online under the URL: LINK
The tool will provide feedback if the certificate will work.
There is a way to get even more detailed feedback if you switch to the “Resources” tab under LINK.
Here you can download our CertTool and copy it onto the server on which Smartfacts will be running. The CertTool writes a detailed logfile that provides insights if your server and certificate are setup correctly
0 Comments