Request and install certificate from a public CA

This topic describes how to request and install a security certificate for your appliance supplied by a public certificate authority (CA).

To obtain a security certificate the first step is to create a certificate signing request (CSR) from the File Director appliance. You then submit the request data to your CA. A certificate chain is required comprising the server certificate, the root, and intermediate certificate(s). Once you obtain the signed certificates you will need to ensure they are each in the format required and then apply them to your File Director appliance.

The process is split into three key steps:

Create a CSR from the File Director appliance

Request certificates from your public CA

Apply certificate chain to the appliance

Prerequisites

You are using a public CA.

Your CA will provide a web server certificate chain in 2048-bit RSA certificates in Base64 PEM format.

Various public CAs are available and the precise instructions for requesting and configuring certificates will vary between authorities.

Example documented
To view specific instructions as an example, click the expandable headings in this topic. The example describes creating an SSL certificate for a single web server using a free trial certificate from comodo.com. Your configuration may include multiple servers - and will use your preferred CA.

Create a CSR from the File Director appliance

  1. From File Director Admin console, click Configuration > SSL Certificate.
  2. Expand the section To obtain a certificate from a Certificate Authority, and complete the following fields:
    • Host Name - The fully-qualified domain name of the server where the certificate will be installed.
      Note that wildcard domains can be specified with a * prefix.

      The host name does not have to match the appliance host name set in the appliance console. However, the host name you provide must match the FQDN on your DNS ’A’ records.

    • Company/Organization Name - The name of the organization requesting the certificate.
    • Organizational Unit - The division within the organization. For example, Engineering or Human Resources, or if applicable, the database administrator name for the organization.
    • City - The full name of the city where the organization is located. Do not use codes or abbreviations.
    • State/Province - The full name of the state or province where the organization is located. Do not use abbreviations or codes.
    • Country - The two digit ISO country code where the organization is located. For example, US, FR.
    • Email - The email address that will be a point of contact for the certificate request.
      Note, this email contact may be required at certificate renewal, or in case of technical issues.

  3. Click Create CSR.

    A text box displays the certificate request data.

    Certificate Signing Request

    Every time you use the Generate New CSR option, the unique server key is changed, making any previous certificates generated for this appliance invalid.

  4. Copy the CSR text including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST tags, and save it as a TXT file. You will require the copied text in the next step.

Request certificates from your public CA

Having generated the certificate request from File Director, the next step is to go to your CA and submit the certificate request. Typically, your public CA will require you to have (or to set up) an account with them, and they will validate your ownership of the domain name within your CSR before issuing the security certificates.

Request server certificate

Note, the precise sequence of steps will vary between CAs.

1.In a web browser, navigate to your CA.

2.Request a new certificate (or certificate renewal)

Ensure that the certificate request uses base 64 encoded CMC or PKCS #10 (.csr, .pem, .p10 format).

Alternatively, request a certificate renewal that uses base-64-encoded PKCS #7 file (.p7b or .p7c format)

3.Ensure that a web server certificate template and/or web server attributes are applied to your requested certificate

4.When prompted, paste the copied CSR text into the request text field and submit your request.

5.Follow the steps advised by your CA to enable the validation of your domain name.

6.Download certificates issued and save them to your required certificate folder.

Apply certificate chain to the appliance

Install certificates

When using a public CA it is not necessary to install the root certificate on your File Director appliance. Your OS is published with its own in-built set of trusted root certificates, and this set will include the majority of public CAs.

Chain Certificates

  1. Open each intermediate certificate file in a text editor such as Notepad.

    Also open the File Director Admin console (Configuration > SSL Certificate > Set a new Certificate section).

  2. Select the text from your first intermediate certificate. Include the BEGIN CERTIFICATE and END CERTIFICATE tags but ignore any other metadata included in the file.

    Copy this text and paste it into the text box within the File Director Set a new certificate dialog.

    Repeat this process for the second intermediate file (plus any other intermediate files your specific chain requires. The text for all intermediate certificates, including the tags, is concatenated as a single file.

    Ensure Chain Certificate/Bundle is selected as the Certificate Type and click Upload Certificate.

    A message will confirm that the chain certificate has been installed and prompts you to upload a server certificate.

Server Certificate

1.Locate the server certificate file downloaded previously (refer to Request server certificate above).

Open the certificate file in a text editor.

2.Copy the text for the server certificate to your clipboard. Include the BEGIN CERTIFICATE and END CERTIFICATE tags but ignore any other metadata included in the file.

3.In the File Director Admin console (SSL Certificate dialog), paste the server certificate details into the text box within the Set a new Certificate section .

4. Ensure Server Certificate is selected as the Certificate Type, then click Upload Certificate.
Note that notification messages within this dialog are displayed only temporarily.

When all certificates have successfully installed, a notification message is displayed at the top of the SSL Certificate dialog confirming that the certificate has been enrolled.

To test the certificate, close and reopen the browser and connect to the Admin console using the fully qualified server name specified in the certificate. If the certificates are installed correctly, the browser connects securely without any security warnings.

We recommend that you back up the File Director appliance configuration snapshot.

Related topics

Upload an existing certificate

Configure certificates

E.g. Private certificate

E.g. SAN certificate