To use Studio with an SSL certificate for secured connections, you can purchase a signed certificate through a third-party Certificate Authority or create a certificate. Creating self-signed certificates and certificate signing requests is possible using a third-party application, and this instruction will use OpenSSL to describe how to do both.
If you create a self-signed certificate, web browsers will not initially recognize the certificate and display a warning message that the site is not trusted. While the connection is still encrypted, you need to make an exception to fully connect. Self-signed certificates may also limit some functionality depending on the Flash plug-in for your browser.
Studio accepts SSL certificates in CER, CRT, and PEM formats.
When your server certificates are used internally, create a local certificate authority and avoid purchasing a commercial certificate.
Internet browsers will not recognize a self-signed certificate as legitimate and will display warnings before allowing access.
To implement a local certificate:
1 From a command line, navigate to:
[Studio installation directory]\bin
2 Use the command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
3 At the prompts, enter all requested information.
The Common Name (domain name) you enter should be one that your company owns. Add a DNS entry if needed to resolve this computer to the Common Name.
The certificate is created in the current Studio directory folder.
An example of generating a self-signed certificate:
Country Name (2 letter code) []:US
State or Province Name (full name) []:Utah
Locality Name (eg, city) []:Midvale
Organization Name (eg, company) []:Wavelink Corporation
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:avaself.wavelink.com
Email Address []:[email protected]
Studio only supports SSL certificates with CER and CRT extensions.
After creating a certificate, you must set up both the Server and Client for SSL encryption. To enable SSL at the server level, see Enabling SSL. To configure the Studio Client for SSL, see Configuring Client Settings.
When your server certificates are used externally, create a certificate signing request (CSR) to verify your company's identity to any devices connected via SSL.
To create a CSR:
1 From a command line, navigate to:
[Studio installation directory]\bin
2 Use the command:
openssl genrsa -des3 -out privateKey.pem 2048
3 At the prompt Enter PEM pass phrase, type the pass phrase. When prompted, re-enter the pass phrase.
4 Use the command:
openssl req -new -key privateKey.pem -out CACert.csr
5 At the prompts, enter all requested information.
The Common Name (domain name) you enter should be one that your company owns. Add a DNS entry if needed to resolve this computer to the Common Name.
An example of generating a CSR:
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Utah
Locality Name (eg, city) [Newbury]:Midvale
Organization Name (eg, company) [My Company Ltd]:Wavelink Corporation
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:avaself.wavelink.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: avalanche
An optional company name []: Wavelink Corporation
When you request a signed certificate from a certificate authority, you will need to submit the CACert.csr file.
After submitting a CSR to a Certificate Authority like Thawte or Verisign, you must wait to receive a signed certificate prior to setting up both the Server and Client for SSL encryption. To enable SSL at the server level, see Enabling SSL. To configure the Studio Client for SSL, see Configuring Client Settings.
Was this article useful?
The topic was:
Inaccurate
Incomplete
Not what I expected
Other