Product: | SSL Solutions (SafeConduct) |
Version: | All |
ID: | 4001 |
Summary: | Creating new certificates for SafeConduct |
NOTE: SafeConduct will be deprecated in 2025, end of support dated to April 2025.
Here are step-by-step instructions for creating new certificates for SafeConduct.
- Go to the directory where you installed SafeConduct.
- Locate or change directory to safeconducttoolbox.
- Run the run_safeconducttoolbox.bat by typing at the prompt (ex: C:\ safeconduct\safeconducttoolbox> run_safeconducttoolbox.bat).
Create a CA ROOT Certificate:
- In the File menus, locate the "Generate" Menu.
- Click on "Generate Root CA Certificate".
- In the window, enter the necessary information such as the Days, Country, State, Locality, Organization, OU and Common Name, and Email address.
- In “Common Name”, type "Root CA Certificate."
Name the Certificate:
- Enter the Certificate File Name ex: test_ca.der
- Enter the Private Key File Name ex: test_ca_key.der
- Click “Generate”.
Generate a Certificate Request:
- Follow steps 1 - 3 (above) except instead of choosing "Generate Root CA Certificate" choose "Generate Certificate Request"
- In “Common Name”, type in “Certificate Request”
- Name the file:
Enter the Certificate Request File name ex: test_req.der
Enter the Private Key File Name ex: test_req_key.der
- Click the “Generate” button.
Generate a Server Certificate:
- Follow setup 1 - 2 (above), except instead of choosing "Generate Root CA Certificate" choose "Generate Certificate".
- In "CA Root Certificate File Name": Browse or locate the file name to be generated
from the Root Certificate. Ex: test_ca.der
- In "CA Root Private Key File Name": Browse or locate the file name to be generated from the Root Certificate. Ex: test_ca_key.der
- In "Certificate Request File Name": Browse or locate the file name to be generated from the Root Certificate. Ex: test_ca_req.der
- In the "Certificate File Name": Enter a name. Ex: test_svr.der
- Click the “Generate” button.
Verify the CA Fingerprint or the (ca_cert_fingerprint):
- Click on "Utils"
- Click on "View Certificate and Fingerprint"
- Locate or browse the CA Certificate you have created. Ex: test_ca.der
- Click “View Certificate”.
- In the “Fingerprint” text box, copy that number and paste it to the option (ca_cert_fingerprint=) on the driver, or copy it on a notepad. Include the ca_cert_fingerprint=thefingerprint.
- Click “Done”.
Verify the Server Fingerprint (server_cert_fingerprint):
Follow the same steps as above to verify fingerprint. The only change is that when choosing or locating the file, choose the one you already created in "Generate a Server Certificate" or "Generate Certificate". In the example, it’s called test_srv.der.
- Copy that number in the “Fingerprint” text box and paste it to the option (server_cert_fingerprint=) on the driver, or copy it on a notepad. Include the server_cert_fingerprint=thefingerprint.
- Click “Done”.
- Change the information in hitssl.properties:
server_cert[0]=test_srv.der,test_srv_key.der
and the ca_cert[0]=test_ca.der