An SSL certificate is an effective way to secure a website against unauthorized interception of data. At its simplest, an SSL Certificate is used to identify the website and encrypt all data flowing to and from the Certificate holder’s Website.
z/Scope Anywhere includes a valid SSL certificate and all communications will be encrypted by the product’s default certificate.
Would you like to use your own certificate? Do you need to add special configurations to the default SSL settings? Then just follow this tutorial.
HOW TO INSTALL A SECURE SSL CERTIFICATE FOR Z/SCOPE ANYWHERE
To manage your SSL certificates you must open z/Scope Anywhere Gateway and click the little certificate icon:
You can either use our certificate or configure your own.
If you want to use our default certificate you should set the files as shown below:
To create a self signed certificate just click on ‘Create a self-signed certificate’. This will bring up the following dialog box:
- Country Code: The two letter country code of the International Organization for Standardization (ISO 3166)
- State: Full unabbreviated name of the state or province your organization is located.
- Locality: Full unabbreviated name of the city where your organization is located.
- Organization: The name your company is legally registered under.
- Organizational Unit: Use this field to differentiate between divisions within an organization.
- Common Name: The domain name or URL you plan to use this certificate with.
- E-Mail Address: Company email address.
- Bits: We recommend using a 2048 length key.
IMPORTANT: Keep in mind that this certificate has not been issued by a known Certificate Authority (CA), hence, the web browsers will warn you they can not verify its authority.
REQUEST AND INSTALL A CA CERTIFICATE FOR YOUR SERVER
To acquire a valid certificate from a Certificate Authority (such as GoDaddy, VeriSign, Thawte, GeoTrust, etc.), you will need to create a certificate request with the ‘Create a Certificate Request’ button.
The page will ask you to fill a form similar to the one above, but instead of creating a self signed certificate file it will create 2 files:
- Private key: You should always keep this safe with you.
- Request key: This has to be sent to the Certificate Authority (CA).
The CA will send you back the certificate file and the certificate chain file (or CA File). With these files and the private key you are ready to configure your Server certificate.
Bear in mind z/Scope Anywhere only supports PFX format certificates. PFX certificates usually have extensions such as .pfx, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements.
You can convert any .PFX certificates from any Certificate Authority to usable .PEM certificates using the following SSL converter webpage: https://www.sslshopper.com/ssl-converter.html
If you have any questions regarding the SSL certificate management, you can leave a comment below or email us at [email protected].