Follow

Creating an SSL Certificate using OpenSSL

The following steps will guide you through creating an SSL certificate for use with the WholesaleBackup Windows Server. Getting an SSL certificate is completely optional and the server will function to it's full capacity without one. SSL certificates can only be created for FQDNs, if your server is being hosted at an IP address only you will not be able to create an SSL certificate for the IP. You would need to assign an FQDN to point to the IP first and then rebuild your client software to use the new FQDN before installing an SSL certificate.

NOTE: On most Linux based systems (including Mac OS X) OpenSSL is installed by default. For Windows install GnuWin32 tools. This set of tools includes a native Windows command line implementation of OpenSSL.

Using OpenSSL on the command line do the following:

1. Generate the CSR with this command (replace 'yourdomain' with the FQDN for your backup server):

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

2. Fill in the Certificate information for your FQDN:

   You are about to be asked to enter information that will be incorporated
   into your certificate request. 
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [AU]:The 2 digit Country code for your country
   State or Province Name (full name) [Some-State]:The home state for your Organization
   Locality Name (eg, city) []: The home city for your Organization
   Organization Name (eg, company) [Internet Widgits Pty Ltd]:The Name of your organization
   Organizational Unit Name (eg, section) []:
   Common Name (eg, YOUR name) []:your.domain.com <-- The FQDN for your backup server
   Email Address []:support@your_domain.com <-- The email address for your support team or admins
   Please enter the following 'extra' attributes
   to be sent with your certificate request
   A challenge password []: Optional password, blank by default. Leave blank if uncertain.
   An optional company name []:

3. Open the resulting CSR with your favorite text editor.

4. Copy the entire contents of the CSR and provide this to your certificate signing authority. (cheapssls.com has SSL certificates for as low as $4.99 when buying five years at a time)

5. Get a .crt file back from the SSL signing authority of your choice.

6. Combine the .crt and .key files into the WSBU.pem file with this command: 

cat yourdomain.key yourdomain.crt > WSBU.pem

NOTE: If you don't have access to the 'cat' command (Windows Command Prompt) you can do the same thing with this command: type yourdomain.key yourdomain.crt > WSBU.pem

7. Place this WSBU.pem file in the installation directory for your WholesaleBackup server software.

8. Restart the service to use the new SSL certificate. You can test the certificate by browsing to https://<YOUR_FQDN>:<PORT#>/wsbutest. Inspect the certificate to confirm success!

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk