Access Manager: How to Create an SSL Certificate and Upload it

system
This article is marked as obsolete.

This article shows how to upload a PEM certificate into your Access Manager 1.2 server starting right from step one, generating the initial CSR. If you already have a valid signed certificate then jump to step 2. If you have a PFX or P12 certificate please follow the article titled "How to Upload a PFX or P12 Certificate in Access Manager".

 

Step 1: Create a certificate and generate a CSR

1. Log into Access Manager as admin, go to Configuration > SSL and expand the Upload Keys and Certificates section, then select the option Generate Key + Certificate. If you have already generated your server key during installation, select Download CSR and go to point 3 below.

 

2. Complete the requested information

  • Subject Alternative Name (SAN): The fully-qualified domain names you're securing. If you are requesting a wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.

  • Common Name (CN - deprecated): An older field for the fully-qualified domain name, or URL, you're securing. Due to changes by some web browsers (e.g. Chrome) this field is no longer trusted, but some CAs still require it. Again, if you are requesting a wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.

  • Organization Unit (OU): If applicable, enter the DBA (doing business as) name.

  • Organization (O): The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requester’s name.

  • City or Locality (L): Name of the city where your organization is registered/located. Do not abbreviate.

  • State or Province (ST): Name of the state or province where your organization is located. Do not abbreviate.

  • Two digit country code (C): The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

 

Select Finish once information entry is complete. The SSL Server Key is created, and the service must be restarted for it to be applied correctly.

 

 

3. After the service restart completes and the SSL Server Key has been applied, return to Configuration > SSL and expand the Upload Keys and Certificates section again, then select the Download CSR option.

 

4. Click Continue and then Download, and save the file to a safe location.

 

5. Give the CSR to a certificate authority such as GoDaddy so that it can be signed. If your Certificate Authority asks which type of server generated the CSR, you should specify Apache/ModSSL.

 

Step 2: Getting the Server, Root or Intermediate Certificates

Once you have received your signed certificate from the certificate authority, you may be given a choice of download options. If possible, we recommend downloading the certificate as a single file in PEM format with all Root and Intermediate certificates included (if you see an option for Apache web server, that will be in the correct format), then going straight to Step 3. If that is not possible, download all required certificates in PEM format.

If you have both an intermediate and a root certificate, these need to be combined into a single bundle file. Simply open both in a text editor, paste in the intermediate immediately followed by the root certificate, and save this file.
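The bundle step above can also be scripted, which avoids the usual text-editor slips (a missing newline between the two blocks, Windows line endings, or a private key pasted in by mistake). This is an added example, not Access Manager's own tooling; the function names are hypothetical and the sample blocks are constructed placeholders, not real certificates. It checks PEM structure only, not signatures or chain order.

```python
import base64
import re

# Matches any PEM block and captures its label and Base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def pem_certificates(text):
    """Return the DER bytes of every certificate in a PEM file's text.

    Raises ValueError if the text holds no certificate, a non-certificate
    block (for example a private key), or a body that is not DER.
    """
    ders = []
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # a DER certificate is a SEQUENCE
            raise ValueError("block does not contain DER data")
        ders.append(der)
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders


def to_pem(der):
    """Re-encode DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


def build_bundle(intermediate_text, root_text):
    """Intermediate first, immediately followed by the root (Step 2)."""
    ders = pem_certificates(intermediate_text) + pem_certificates(root_text)
    return "".join(to_pem(der) for der in ders)


# Constructed placeholders, NOT real certificates: short DER-like byte strings.
# The intermediate has CRLF line endings and no trailing newline on purpose.
FAKE_INTERMEDIATE = to_pem(b"\x30\x03\x02\x01\x01").replace("\n", "\r\n").rstrip()
FAKE_ROOT = to_pem(b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    print(build_bundle(FAKE_INTERMEDIATE, FAKE_ROOT), end="")
```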

 

 

Step 3: Uploading your Certificate

For secure, trusted access you must install the SSL server certificate on the Nervepoint Access Manager server. The uploaded certificate file must have the following characteristics:

  • The server certificate must be issued by a Certification Authority (CA) that is trusted by end users. For best results, use a commercial CA such as VeriSign, Thawte or GeoTrust.

  • The certificate must be in Privacy Enhanced Mail (PEM) format, a text-based format that is a Base64 encoding of the binary Distinguished Encoding Rules (DER) format. (If your certificate is in PFX or P12 format, follow the article titled "Upload a PFX or P12 Certificate".)

     

Go to Configuration > SSL, expand the Upload Keys and Certificates section and select the Certificate signed by a Certification Authority option.

Select Choose File next to Certificate File and browse to the Signed Certificate provided by your Certificate Authority.

Select Choose File next to CA Certificates and browse to the root or bundle certificates provided by your Certificate Authority, then click Upload.

 

Once the certificate has been installed, Access Manager will prompt for a restart in order to apply the new certificate.

 

To complete the integration the service must now be restarted. This can be done from the Power button in the footer or through the VM Console.

 

Once the system has restarted, go to the Access Manager main page and open the certificate information. It should now match that of the server certificate that was uploaded and, assuming you are connecting to the same address that the certificate is valid for, it should also be Trusted.