VSys One: Volunteer Management Software

Previous Topic

Next Topic

Book Contents

Book Index

SSL Certificates

VSys Live, Live Kiosk and Anywhere use Apache as their web server, with OpenSSL to negotiate secure connections. OpenSSL in turn requires appropriate SSL certificates. These can be for a single FQDN, for example demo.vsyslive.com, or wildcard, like *.vsyslive.com. Non-wildcard certificates must exactly correspond to the FQDN by which the VSys Live server will be known. A certificate for demo.vsyslive.com can't be used if the machine is accessed as kiosk.vsyslive.com or 192.168.0.20.

If VSys Live is being used behind a load balancer or other edge device that negotiates and manages secure connections for you, you may only need a self-signed certificate. For any other case, you need proper SSL certificates generated by a competent and trusted certificate provider.

OpenSSL on Windows requires SSL certificates in PEM format. Your certificate will usually come in two or three files:

You can find more information about SSL certificates for Apache here:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

There are many different file types of SSL certificate formats, but for VSys Live, Apache and OpenSSL will only recognize the .csr format for the SSL certificate and intermediate certificate, and the key must be in .key format. Depending on your provider, you might be issued a bundle of certificates. While bundles are mostly supported just for the intermediate certificate, the SSL certificate will need to be broken out by itself, otherwise Apache and OpenSSL will not know how to interpret the file type.

SSL certificates for Apache on Windows must not have a passphrase (password) associated with them. If your CSR included a passphrase when the certificate was created, you'll need to generate a new CSR without a passphrase, and then get a new SSL certificate.

It is your responsibility to acquire the appropriate certificates, and to convert them (if necessary) into the correct format.

In This Section

Generating a Certificate Signing Request (CSR)

Extracting SSL Certificates from a PFX file

Hand-updating SSL Certificates

See Also

Installing VSys Live

VSys Live Site Diagnostics

Alternate Configuration - Linux and Windows

Installation Settings - Global

Installation Settings - Site-Specific

Apache Virtual Hosts

Check Port Usage Conflicts

VSys Live Installer

Monitoring

Updating VSys Live

VSys Live Installation by VSys One Staff