|
|
|
|
|
VSys Live, Live Kiosk and Anywhere use Apache as their web server, with OpenSSL to negotiate secure connections. OpenSSL in turn requires appropriate SSL certificates. These can be for a single FQDN, for example demo.vsyslive.com, or wildcard, like *.vsyslive.com. Non-wildcard certificates must exactly correspond to the FQDN by which the VSys Live server will be known. A certificate for demo.vsyslive.com can't be used if the machine is accessed as kiosk.vsyslive.com or 192.168.0.20.
If VSys Live is being used behind a load balancer or other edge device that negotiates and manages secure connections for you, you may only need a self-signed certificate. For any other case, you need proper SSL certificates generated by a competent and trusted certificate provider.
OpenSSL on Windows requires SSL certificates in PEM format. Your certificate will usually come in two or three files:
.key, and will always be a text file that begins with "-----BEGIN ENCRYPTED PRIVATE KEY-----"..crt and will always be a text file that begins with "-----BEGIN CERTIFICATE-----"..crt and will always be a text file that begins with "-----BEGIN CERTIFICATE-----"You can find more information about SSL certificates for Apache here:
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
There are many different file types of SSL certificate formats, but for VSys Live, Apache and OpenSSL will only recognize the .crt format for the SSL certificate and intermediate certificate, and the key must be in .key format. Depending on your provider, you might be issued a bundle of certificates. While bundles are mostly supported just for the intermediate certificate, the SSL certificate will need to be broken out by itself, otherwise Apache and OpenSSL will not know how to interpret the file type.
SSL certificates for Apache on Windows must not have a passphrase (password) associated with them. If your CSR included a passphrase when the certificate was created, you'll need to generate a new CSR without a passphrase, and then get a new SSL certificate.
It is your responsibility to acquire the appropriate certificates, and to convert them (if necessary) into the correct format.