Creating and testing the Certificates for Smartfacts

Owned by Rene Beckert
Last updated: Aug 26, 2024 by Cornelius Wachinger
2 min read

Create an X.509 Certificate

For creating the necessary certificates, you can use our portal or create certificates manually.

It is important that the used server certificates have the issuer set. This can be a public or private CA. Certificates that do not have an issuer will not work!

Create the Certificate Signing Request (CSR)

Create a csr with our portal

We support you with generating an appropriate certificate under this URL: LINK

  1. Add your organization data in section 1

  2. Define your deployment scenario in section 2
    You must check the Keycloak and Camp option for every PoC

  3. Check the altnames in section 3.
    You may manually change them if you want different urls

  4. Generate an OpenSSL Config File or a CSR (“Certificate Signing Request”) in section 3.
    Your IT department will be able to generate a certificate using one of these two files. The Open SSL Config File allows to do manual changes if your IT department requires to do so.

    Alternatively, you can generate a CSR (“Certificate Signing Request”) based on your own OpenSSL config file in the upper right box on the same page.

Manually create csr

If you create the certificate manually, make sure they meet the following requirements.

  • Hostnames

    • The certificat must be issued on the hostnames

      • smartfacts.<domain-name>

      • identity.<domain-name>

      • genoslc.<domain-name>

    • Hostnames must also be stored in the "Subject Alternative Name" (SAN) attribute of the certificate

    • All hostnames and subject alternative names must be written in lower case

Create the certificate

Ask your administration division for support in creating a certificate based on your csr. The Certificat must meet the following requirements:

  • It must be a X.509 certificate suitable for server authentication

  • It must be Base64-coded in PEM format

  • The certificat must be valid (valid from, valid to)

  • It must be suitable for the provided private key

  • The private key should not be password protected

  • The certificate should comprise the complete certificate chain where possible

    If this is missing, then an attempt is made to download the missing intermediate and root certificate during installation.

As soon as you have a certificate, you can check it online under the URL: LINK
The tool will provide feedback if the certificate will work.

There is a way to get even more detailed feedback if you switch to the “Resources” tab under LINK.
Here you can download our CertTool and copy it onto the server on which Smartfacts will be running. The CertTool writes a detailed logfile that provides insights if your server and certificate are setup correctly