Creating a new Certificate via a Certificate Signing Request (CSR)
To obtain a public or a self-signed certificate, a 'Certificate Signing Request' (CSR) has to be created first. For a public certificate, the CSR must be sent to the certificate authority so that they can create the certificate for you.
To create the request, please proceed as follows:
- Start Keystore Explorer on your PC
- Create a new Keystore
- Select 'JKS' for the Keystore Type
- Generate a Key Pair
- Select the 'RSA' security algorithm.
- The key length depends on the specifications of your certificate provider. In general, a key length of 2048 bits is required.
Public SSL Certificate
With the CSR just created, a public certificate can be obtained from a commercial certificate authority. Please provide the CSR to the respective certificate authority. This procedure varies depending on the authority.
Private Key of the SSL Certificate
With the creation of the CSR, the private key has already been created and saved to the keystore.
Installing the public key in the Cryptshare Server Keystore
When you receive the certificate from the certificate authority, you have to save it in the Cryptshare Server Keystore first. Please perform the following steps:
- Open the Keystore Explorer
- Open the Cryptshare Server Keystore
- Right-Click on the Cryptshare Server certificate
- Select the option 'Import CA Reply'
- Enter the password 'CA0AZhuFM4NogQh' in the following dialog
Please remember
This is a default password used for new Cryptshare installations
Detailed instructions on how to change the password can be found in the section
- Select the certificate you received from the public certificate provider.
Establish trust for the certificate by completing the certificate chain up to the root certificate.
Please note that if the certificate chain is incomplete, certain browsers may still show a security popup requiring manual user intervention.
Therefore, please make sure that all intermediate certificates as well as the root certificate are put into the chain in the right order.
The chain has to be built from bottom (Client Cert) via intermediate(s) to top (Root Certificate of the CA).
- Right-Click on the Cryptshare Server certificate
- Select the option 'Edit Certificate Chain' --> 'Append Certificate'
- Confirm the following dialogs from the tool. These can vary depending on the certificate you're about to import.
- Save the Keystore
- Continue with Installing the Keystore on the Cryptshare Server.
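The ordering rule above can be checked before the keystore is copied to the server. The following is an added example, not part of the original instructions or of Cryptshare: a shell function that reads the output of keytool -list -v and compares each certificate's Issuer with the next certificate's Owner. The sample output is constructed, and the keystore file name and alias in the last comment are placeholders.

```shell
# Added example. Reads `keytool -list -v` output on stdin and checks that the
# chain runs leaf -> intermediate(s) -> root: each Issuer must equal the next
# certificate's Owner, and the last certificate must be self-signed.
# It compares names only; it does not verify signatures or validity dates.
check_chain_order() {
    awk '
        /^Certificate\[[0-9]+\]:/ { n++ }
        n && /^Owner: /  { owner[n]  = substr($0, 8) }
        n && /^Issuer: / { issuer[n] = substr($0, 9) }
        END {
            if (n == 0) { print "no certificate chain found"; exit 2 }
            for (i = 1; i < n; i++)
                if (issuer[i] != owner[i + 1]) {
                    printf "break after certificate %d: issuer \"%s\" is not the next owner\n", i, issuer[i]
                    exit 1
                }
            if (issuer[n] != owner[n]) {
                printf "incomplete: certificate %d is not a self-signed root\n", n
                exit 1
            }
            printf "chain ok: %d certificate(s), leaf to root\n", n
        }'
}

# Constructed sample output (not from a real keystore): complete chain.
sample_complete() {
    cat <<'EOF'
Certificate chain length: 3
Certificate[1]:
Owner: CN=transfer.example.com, O=Example Corp
Issuer: CN=Example Issuing CA, O=Example CA
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA
Certificate[3]:
Owner: CN=Example Root CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA
EOF
}

# Constructed sample: the intermediate was never appended.
sample_missing_intermediate() {
    sample_complete | awk '/^Certificate\[2\]:/ { skip = 1 } /^Certificate\[3\]:/ { skip = 0 } !skip'
}

sample_complete | check_chain_order
sample_missing_intermediate | check_chain_order || true
# Real use (placeholders): keytool -list -v -keystore <keystore> -alias <alias> | check_chain_order
```

A non-zero exit status means the chain should be corrected in Keystore Explorer before the keystore is installed.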
Installing the Keystore on the Cryptshare Server
Hardware Appliance, Virtual Appliance and self-installed Linux Systems
- Start WinSCP
- Open a new connection by clicking 'New'.
- Use the settings as shown in the screenshot
- Use the URL of your Cryptshare Server as Hostname
- The password for the root user has been shipped to you with delivery of the Appliance
- Click 'Login' to establish a connection to your appliance
- By default the home directory of the root user will be shown.
- Browse to /opt/cryptshare-3/lib/security (on virtual or hardware appliance) or <Cryptshare-Installation Directory>/lib/security (on self-installed system)
- Copy the keystore to your Cryptshare Server, e.g. via drag & drop (overwrite the existing one).
- Restart Cryptshare by either clicking on 'Save changes' in System-Settings of the Administration Interface or by running the CLI command below.
rccryptshare restart
Windows-based systems (manual installation)
- Save the previously created Keystore to the subfolder 'lib/security' of your Cryptshare Installation.
- Restart Cryptshare by either clicking on 'Save changes' in System-Settings of the Administration Interface or by restarting the 'CryptshareService' service.