Categories
Configuration Knowledge Support Support Categories exacqVision Webservice Products

Creating a Self-Signed SSL Certificate

Before Beginning…

  • Self-signed certificates are NOT secure. It is recommended to use Let’s Encrypt (configurable via the web service UI) if you do not wish to pay for the cost of a trusted HTTPS certificate.
  • A self-signed certificate allows you to use a web browser, but does not work with mobile devices. Only trusted third-party certificates work with mobile devices.
  • This document assumes that ExacqVision Web Service 3.0 or later has been installed with the default settings.

Requirements

You will need the OpenSSL program to create a self-signed certificate. The method of obtaining this program varies based on the operating system used.

  • Linux – OpenSSL is included by default on all modern Ubuntu distributions. If for any reason it is not, run:
    sudo apt-get install openssl
    in a Terminal window and follow the prompts.
  • Windows – The easiest way is to obtain a pre-compiled executable from SourceForge:
    1. Navigate to http://gnuwin32.sourceforge.net/packages/openssl.htm
    2. Under the ‘Download’ section, click the link labeled ‘Zip’ beside the row labeled ‘Binaries’.
    3. After downloading, extract (unzip) the contents of this file.
    4. The executables extracted may then be run independently without installation. OpenSSL.exe is located within the ‘bin’ folder of the extracted Zip file contents. The following procedures explain how to continue.

Note: A certificate generated on either platform will work on the other
(i.e.- a certificate generated using openssl on Linux can be used with a Windows web service).

Windows Procedure

  1. Open a CMD window.
  2. Navigate into the unzipped directory, then into the ‘bin’ directory in which the recently extracted OpenSSL executable resides.
  3. Create a self-signed certificate by typing the following:
    openssl.exe req -new -x509 -sha256 -days 365 -nodes -out server.crt -keyout server.key -config ..\share\openssl.cnf
  4. When running this command you will be prompted to enter several fields. Answer the questions according to your needs. COMMON NAME should be the IP address or FQDN that you use to access your ExacqVision Web Service (www.domain.com).
  5. Place the resulting files (server.crt, server.key) according to your ExacqVision Web Service version:
    • 8.4 and above: Use the web service configuration interface to configure HTTPS using the generated files.
      1. Log in to your Web Service Configuration page
      2. Expand the Configuration menu
      3. Click HTTPS
      4. Click Configure
      5. Select External and import your generated .crt and .key files.
      6. Apply the changes
      7. Click the link to restart the web service
    • 3.0 to 8.2: use the file explorer and CMD
      1. place the files in the following directory
        C:\Program Files[ x86 ]\exacqVision\WebService\Apache\conf
      2. Using CMD, stop the web service: net stop webservice
      3. Using CMD, start the web service: net start webservice

Linux Procedure

  1. Open a Terminal window
  2. Create a self-signed certificate by entering the following command:
    openssl req -new -x509 -sha256 -days 365 -nodes -out server.crt -keyout server.key
  3. When running this command you will be prompted to enter several fields. Answer the questions according to your needs. COMMON NAME should be the IP address or FQDN that you use to access your ExacqVision Web Service (www.domain.com).
  4. Place the resulting files (server.crt, server.key) according to your ExacqVision Web Service version:
    • 8.4 and above: Use the web service configuration interface to configure HTTPS using the generated files.
      1. Log in to your Web Service Configuration page
      2. Expand the Configuration menu
      3. Click HTTPS
      4. Click Configure
      5. Select External and import your generated .crt and .key files. Apply the changes
      6. Click the link to restart the web service
    • 3.0 to 8.2: use the file explorer and Terminal
      1. place the files in the following directory
        /etc/evapache
      2. Using Terminal, restart the web service:
        sudo /usr/local/exacq/webservice/service.sh restart