SSL on Jace 7
I have a customer that is requiring SSL certificates to be used on a project that I doing. I am currently have a Jace 7 with 3.7.106 installed on it and I have no clue how to do this. They are wanting to use an external certificate from Verisign but I can't firgure out to set it up. All the documents from Distech that I am finding are for setting up internal certificates and nobody at Distech seems to know how to do it, let alone what I am talking about. Any help would be apperciated.
Have not tried in on a Jace but have had my own certs signed by a CA before.
You need to generate a CSR for each Jace and supervisor and send that to verisign who will then sign and return. That should be able to be installed just as a self signed certs are.
Just glossing over docSSL...
"If you are connected to a JACE using a crossover cable, you can use PlatformServices to create
a new server certificate, generate a CSR, have the certificate signed, and import the signed certificate
into the Key Store."
"Create a CSR for each server certificate
For each server certificate to be signed by an intermediate certificate (or the root certificate if your installation
is small), a Certificate Signing Request (CSR) is required. This procedure is the same if you are
using the default server certificate or a server certificate that you created."
Should be easy enough if you can get the CSRs generated. Be damn sure you have everything square before you send it off, they will likely charge to correct things afterwords. I would start by getting everything (or a handful and the super if this is a huge install) working on self signed certs to make sure you have everything correct. After that it should be fairly simple to generate CSRs, ship them off, and swap out the certs when they come back.
Typically the cert is locked to the domain, so if the domain name changes the cert is useless. I would suspect the CN and alias will be set in stone once signed. So if your using IPs, they better not change. If they are FQDNs, again they better not change. After the certs are signed you will have to go back to veri$ign for any changes. Again make sure everything works and the network setup is fixed before going about this.
Last edited by orion242; 04-16-2014 at 07:09 PM.