n
anonymousdoortablet/dthelp.nsfssl-keyring
Protected content
238pages | Our help system contains many pages and videos for you to consume. This includes the complete information on how Door Tablet works, all its features and options, and of course the many benefits for your business. Door Tablet School offers many videos too. |
|
|
Click on images to see them in full screen
B2996E9CB37EF88480258353005BCCE4Create SSL Key-Ring
This document describes how you can create Key-Rings for use with Door Tablet in order to enable HTTPS.
Note: from version 9.1 of Door Tablet we offer a free Key-Ring which contains a certificate for a domain: https://dt-server.win. See here
Overall steps
- Download two utilities, and Notepad++
- Create CSR
- Send CSR to Certificate Authority so that they can provide certificates
- Create a Key-Ring
- Embed a variety of files in the Key-Ring
- Deploy the Key-Ring to the Door Tablet server
- Test your work
Downloading the utilities
To perform the certificate related tasks in this document you will need two utilities which you will use using a command prompt. We will show examples of calls.
OpenSSL
Use this tool to create Certificate Requests and private keys.
- Download OpenSSL from here https://s3.amazonaws.com/doortablet/misc/OpenSSL.zip
- Unzip the contents of the zip to a folder of your choice. You will need to be in this directory to perform some commands
kyrtool
We use this tool to create a Key-Ring and insert certificates and private keys into the Key-Ring. There are two types of kyrtool, a 32bit or 64bit. Download the one that matches the Door Tablet server you have installed.
- For the 32bit, get the tool from here: https://s3.amazonaws.com/doortablet/misc/kyr32/kyrtool.exe
- For the 64bit, get the tool from here: https://s3.amazonaws.com/doortablet/misc/kyr64/kyrtool.exe
- Place the tool you have downloaded in the Door Tablet server program directory
Notepad++
Create a CSR
To create a certificate request we use the OpenSSL tool from a command prompt.
Lets assume that you have placed the tool in... C:\SSL\OpenSSL
- Create a folder where all the files you create will be found... C:\SSL\Certs
- Change directory to the bin folder as follows: cd C:\SSL\OpenSSL\bin
- Set the OpenSSL database as follows: set OPENSSL_CONF=C:\SSL\OpenSSL\bin\openssl.cfg
- Generate RSA key as follows: openssl genrsa -out C:\SSL\Certs\server.key 4096
- You are now ready to create the CSR: openssl req -new -sha256 -key C:\SSL\Certs\server.key -out C:\SSL\Certs\server.csr
- During the last call you will be asked a few questions
Fill the information in this way (sample filled):
Country Name (2 letter code) [AU]: | GB |
State or Province Name (full name) [Some-State]: | |
Locality Name (eg, city) []: | London |
Organization Name (eg, company) [Internet Widgits Pty Ltd]: | Public.Class Limited |
Organizational Unit Name (eg, section) []: | |
Common Name (e.g. server FQDN or YOUR name) []: | dt.corp.com |
Email Address []: | myemail@corp.com |
A challenge password []: | password123 |
An optional company name []: | |
Send the CSR you created to your CA
- The CSR is in C:\SSL\Certs\server.csr
- Open the file with Notepad++
It looks like this:
Process the certificates from your CA
When you submit you CSR to your CA they may enter into a validation process which could take time, depending on your certificate choices and service. As the Door Tablet server is not open for the public choose a low cost certificate. We also recommend that you use an external CA as this will save you time when deploying the system. When using your internal CA you will need to install root certificates on the Door Tablet end points, but you won't need to do this if the certificate is already installed on your devices (many are pre-installed).
Copy the certificates to the right place
- Copy the crt files you received and place them in the same folder where the CSR and the key were placed. In our case its C:\SSL\Certs\
Note: if your provider sends you a CA-Bundle file you will need to ask them for standard crt files instead
To absorb the certificates you will need to use the "kyrtool" in this order:
- Copy the crt files you received and place them in the same folder where the CSR and the key were placed. In our case its C:\SSL\Certs\
- Create a Key-Ring
- Insert root certificates
- Insert private key
- Insert host certificate
Once you have completed these steps you will end up with a Key-Ring file and a Key-Ring password file. These two files need to be installed in the Door Tablet server and as described here (bottom of the page).
Create a Key-Ring
Before you use the "kyrtool" application you need to change directory to the Door Tablet server install directory, for example:
cd c:\door-tablet
or
cd c:\Program Files (x86)\doortablet
You may now perform the calls using "kyrtool".
To create the Key-Ring. The first parameter points at the notes.ini file of the syste. The second parameter names the Key-Ring file and the last one the password.
kyrtool =c:\door-tablet\notes.ini create -k C:\SSL\Certs\dt.kyr -p password123
You will now insert root certs, starting with root and intermediate. For example:
kyrtool import roots -i C:\SSL\Certs\AddTrustExternalCARoot.crt -k C:\SSL\Certs\dt.kyr
kyrtool import roots -i C:\SSL\Certs\COMODORSAAddTrustCA.crt -k C:\SSL\Certs\dt.kyr
kyrtool import roots -i C:\SSL\Certs\COMODORSADomainValidationSecureServerCA.crt -k C:\SSL\Certs\dt.kyr
Now import the key you have already created when you worked on the CSR
kyrtool import keys -i C:\SSL\Certs\server.key -k C:\SSL\Certs\dt.kyr
Finally, import the host certificate
kyrtool import certs -i C:\SSL\Certs\dt_corp_com.crt -k C:\SSL\Certs\dt.kyr
Your Key-Ring is now ready to deploy to the Door Tablet server. Please remember that the Key-Ring file needs to be copied together with the .sth file. Please refer to this page