Creating and signing server keys

  1. Create a new server key by typing the command: 

    OPENSSL_DIR\bin\openssl genrsa -out server.key 1024

    A new server key is generated and placed in the server.key file.

  2. Generate a Certificate Signing Request (CSR) for the server key by typing the command:

    OPENSSL_DIR\bin\openssl req -new -key server.key -out server.csr

    You are prompted for information about the server certificate that you are generating.

    Prompt                        Response
    Country Name:                 Your two-letter country abbreviation
    State or Province Name:       Your full state or province name
    Locality Name:                The city, town, or suburb where your organization is located
    Organization Name:            Either a department name or some name representing this server
    Organizational Unit Name:     Either a department name or some name representing this server
    Common Name:                  The name of this server (not of a person) as it should appear on the certificate.
    Email Address:                The e-mail address of a party responsible for this server
    A challenge password []:      [enter]
    An optional company name []:  [enter]

    Caution: The Common Name must match the host name of the FH Web Edition server. Any variation in the name will cause the client to issue a warning when connecting.

    Example:
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Iowa
    Locality Name (e.g., city) []:Dillon
    Organization Name (e.g., company) [Internet Widgits Pty Ltd]:D. Campbell Fire Company
    Organizational Unit Name (e.g., section) []:.Fire & EMS
    Common Name (e.g., YOUR name) []:server
    Email Address []:tferguson@dcfc.com
    Please enter the following extra attributes to be sent with your certificate request:
    A challenge password []:[enter]
    An optional company name []:[enter]

  3. Sign the server’s key with the CA’s certificate by typing the command:

    OPENSSL_DIR\bin\openssl x509 -req -extfile server.cfg -days 1825 -CA ca.crt -CAkey ca.key -CAserial ca.serial -in server.csr -out server.crt

    Note: The -days 1825 parameter causes our server certificates to expire in 1825 days, or roughly 5 years. If you want certificates to expire earlier or later, adjust this number to fit your requirements.

  4. Copy the ca.crt, server.key, and server.crt files to a directory on the target server that can be accessed from the system account, but cannot be accessed from the accounts of users who sign in to the host.
  5. Select the server certificate in the FH Web Edition Connection Manager.
    1. In FH Web Edition Connection Manager, choose Tools → Host Options.
    2. Click the Security tab.
    3. In the Transport list, select SSL.
    4. Type or browse to the path to the server’s certificate (server.crt) file in SSL Certificate.
    5. Click OK.
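
The following PowerShell script is an added example, not part of the original procedure or of FH Web Edition. Before the files are copied in step 4, it checks that server.crt verifies against ca.crt, was issued for server.key, carries a Common Name matching the host name (the Caution in step 2) and has not expired, and it warns when the RSA key is shorter than 2048 bits, as the 1024-bit key from step 1 is. The $OpenSsl and $ServerName parameters and their defaults are assumptions; run it from the directory that holds the three files.

```powershell
# Added example: consistency checks for ca.crt, server.key and server.crt.
param(
    [string]$OpenSsl    = 'openssl',          # assumption: openssl on PATH, or pass OPENSSL_DIR\bin\openssl.exe
    [string]$ServerName = $env:COMPUTERNAME   # assumption: the host name clients use to connect
)
$problems = @()

# 1. server.crt must chain to ca.crt. Check the "OK" line as well as the
#    exit code rather than relying on the exit code alone.
$verify = (& $OpenSsl verify -CAfile ca.crt server.crt 2>&1 | Out-String)
if ($LASTEXITCODE -ne 0 -or $verify -notmatch 'server\.crt: OK') {
    $problems += 'server.crt does not verify against ca.crt'
}

# 2. server.crt must have been issued for server.key (identical RSA modulus).
$certMod = & $OpenSsl x509 -noout -modulus -in server.crt
$keyMod  = & $OpenSsl rsa  -noout -modulus -in server.key
if (-not $certMod -or $certMod -ne $keyMod) {
    $problems += 'server.crt was not issued for server.key'
}

# 3. The Common Name must match the host name, or clients show a warning.
#    -nameopt RFC2253 prints the subject as comma-separated KEY=value pairs.
$subject = (& $OpenSsl x509 -noout -subject -nameopt RFC2253 -in server.crt | Out-String)
$cn = if ($subject -match '(?:subject=\s*|,)CN=([^,\r\n]+)') { $Matches[1] } else { '' }
if ($cn -ne $ServerName) {
    $problems += "Common Name '$cn' does not match host name '$ServerName'"
}

# 4. The certificate must not already be expired (-checkend 0 exits non-zero if it is).
& $OpenSsl x509 -noout -checkend 0 -in server.crt | Out-Null
if ($LASTEXITCODE -ne 0) { $problems += 'server.crt has expired' }

# 5. Warn about short RSA keys; this is a warning only and does not fail the run.
$text = (& $OpenSsl x509 -noout -text -in server.crt | Out-String)
if ($text -match 'Public[- ]Key: \((\d+) bit\)' -and [int]$Matches[1] -lt 2048) {
    Write-Warning "RSA key is $($Matches[1]) bits; 2048 bits or more is the current recommendation"
}

if ($problems) {
    $problems | ForEach-Object { Write-Error $_ }
    exit 1
}
Write-Output "ca.crt, server.key and server.crt are consistent for host '$ServerName'"
```

If clients connect with a fully qualified name rather than the computer name, pass it with -ServerName so the Common Name comparison uses the name they actually type.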