SSL Certificate Configuration > Create a Self-Signed SSL Certificate
  
Version 10.1.01
Create a Self-Signed SSL Certificate
APTARE recommends using OpenSSL open source software to create your self-signed certificate. For more information on creating self-signed certificates using OpenSSL, refer to the FAQs and documentation on the OpenSSL site at www.openssl.org.
The instructions and examples in this section are applicable for the Linux operating system. OpenSSL also may be used with the Windows operating system. Check the OpenSSL web site for specific instructions. Note that the certificate is independent of the operating system under which it was created. A self-signed certificate created on a Linux computer may be installed on a Windows web server.
You can create a self-signed certificate with multiple options depending on how you want to configure your certificate. APTARE recommends the following OpenSSL command to create a self-signed certificate. The command creates two files: server.key and server.crt. You must install these files on the StorageConsole web server.
openssl req -x509 -days 365 -sha1 -newkey rsa:1024 -nodes
-keyout server.key -out server.crt
-subj '/O=<CompanyName>/OU=<Department>/CN=<CommonName>'
where
-x509 is used to create a certificate as opposed to a certificate request that is sent to a certificate authority
-days determines the number of days that the certificate is valid
-sha1 specifies the type of encryption to be used
-newkey rsa:1024 sets the key as 1024-bit RSA
-nodes specifies that no passkey will be used
-keyout specifies the name of the key file
-out specified the name of the certificate file
<CompanyName> is the name of your company
<Department> is the name of your department
<CommonName> is the URL of the site that the certificate will be installed at. This may be the full URL, such as aptareportal.site.com, or a partial URL, such as *.site.com. APTARE, Inc. recommends using the latter; the latter must be used if the certificate is to be used when accessing both the Portal and Data Collection.
 
Example:
openssl req -x509 -days 365 -sha1 -newkey rsa:1024 -nodes
-keyout server.key -out server.crt
-subj '/O=ABC Company/OU=IT/CN=*.abc.com'
 
Note: The use of the -nodes option in the previous example creates a certificate that does not require a pass phrase. This makes it easier to install and use the certificate, but weakens the security of the certificate. If the certificate is created with a pass phrase, it must be entered when the certificate is installed and used.
The actual certificates get installed and configured on the Apache web server, however, in cases where the issuing certificate authority (CA) is not automatically trusted (such as self-signed certificates), the certificates need to be imported and trusted on the Data Collector server.
Once the self-signed certificates have been created, Configure the Data Collector to Trust the Certificate.