Requesting an installing a certificate includes the following steps
- Creating a Certificate Signing Request (CSR) on the Bridge you want to use the certificate for.
- Ordering an official certificate from a certificate authority like e.g. VeriSign.
- Installing the certificate on the Bridge.
Creating a Certificate Signing Request (CSR)
For the enrollment of an official certificate, you need to provide a certificate signing request (CSR).
On the Certificate tab, all related actions can be executed, if the user has administration rights.
| In order to create a certificate signing request, click Create CSR. |
 | The form to enter all required fields is displayed. |
Fields with an asterisk (*) are mandatory.
| Field | Description |
|---|---|
| Common Name (CN) * | The common name for the server that will use the SSL certificate must be the fully qualified domain name the domain name and the host name (if applicable). For example, in bridge.scheer-acme.com, scheer-acme.com is the domain name and bridge is the host name. If your fully qualified domain name does not include a host name, simply enter the domain name. A host name will not be included in your certificate. Check the common name during the enrollment process to ensure it is correct and is not the one of another Bridge domain member. After your SSL certificate has been issued, changing the common name requires re-enrollment at the full price of the certificate. |
| Organisational Unit (OU) | Your department or unit within your company or organization. |
| Organisation (O) * | Your company or organization. |
| Locality (L) | City, in which your company or organization is physically located. |
| State or Province (ST) | State or province, in which your company or organization is physically located. |
| Country (C) * | Country, in which your company or organization is physically located. |
 | After having entered all fields, click Create CSR. By clicking Cancel, you can cancel this action and go back to the the main certificate page. |
 | The encrypted certificate request is displayed on the next page. Mark the complete certificate request and copy it. It will be pasted into the order from of the certificate authority application, where you will order the official certificate. |
Ordering an Official Certificate
Order an official certificate from an certificate authority like VeriSign or Thawte. During ordering process you will come to a step were you have to paste the CSR that you have created before in step 1. If asked for a server platform, select Apache.
Once you have received the certificate from the certification company, you can continue to install the certificate on the Bridge (see further below).
Installing a Certificate
Once you received a certificate from a certificate authority, you can install it on the Bridge.
On the Certificate tab, all related actions can be executed, if the user has administration rights.
| In order to install the certificate, click Install Certificate. |
| Copy the received certificate into the field and click Install Certificate. In case you want to install an intermediate certificate, paste the whole certificate chain here. By clicking Cancel, you can cancel the installation and go back to the main certificate page. |
If the installation of the certificate has been successful, the main certificate page is displayed again. It now shows the information of the official certificate.
If the certificate does not fit to the server it was enrolled for, an error message like 'Wrong or invalid certificate!' will be displayed.
Manual Certificate Installation
You can also install proxy certificates manually to the Bridge. Proxy certificate locations are stored in file <your Bridge data directory>/proxies/templates/virtual_host_ssl.conf. To manually add a proxy certificate, do the following:
- Copy file virtual_host_ssl.conf from <your Bridge data directory>/proxies/system_templates to <your Bridge data directory>/proxies/templates.
- Edit the file and add paths to your certificate files:
# virtual host ssl settings start # SSLEngine On SSLCertificateFile "${SSL_CERTIFICATE}" SSLCertificateKeyFile "${SSL_CERTIFICATE_KEY}" # # virtual host ssl settings endReplace the placeholders
${SSL_CERTIFICATE}and${SSL_CERTIFICATE_KEY}by valid paths to certificate / key files. The certificate file may also contain a chain of certificates. - Restart the Bridge proxy via the Bridge administration console.
Overview
Content Tools