FH Web Encryption (SSL Transport)

Using a Trusted Certificate Authority for Your Server Certificate

To obtain a server certificate from a CA that is trusted by the client operating system, consult the documentation from the CA of your choice, using the following information as a guide. FH Web uses the Apache mod_ssl package for encryption. The CA will require a Certificate Signing Request (CSR).

It is very important that you follow your CA's instructions, or the SSL Certificate will not work. FIREHOUSE Software will not be able to support certificates provided by Certificate Authorities. Please contact your Certificate Authority's support department.

To generate a CSR:

  • Download OpenSSL from http://www.openssl.org/related/binaries.html. (Please note that you must install the full version of OpenSSL: Win32OpenSSL-v0.9.8a.exe.)
  • Install OpenSSL on the FH Web Server.
  • Click Start | Run.
  • Type cmd, and press [Enter].
  • Type the following command to generate a private key for the server:
    • [OPENSSL_DIR]\bin\openssl genrsa -out server.key 1024
      where OPENSSL_DIR is the path to the directory in which OpenSSL is installed (e.g., C:\OpenSSL).
  • Type the following command:
    [OPENSSL_DIR]\bin\openssl req -new -key server.key -out server.csr
  • Running this command will prompt you for the attributes to be included in your certificate, as follows:
    • Country Name: US
    • State: your state
    • Locality: your city
    • Organization: your company name
    • Organizational Unit: your department
    • Common Name: your server's name
    • E-mail Address: your e-mail address

Unless you are using a wildcard SSL Certificate, the Common Name must match the host name of the FH Web Server (i.e., the name that users will specify when connecting to the server). Any variation in the name will cause the client to issue a warning when connecting. The output of the above command will be a file named server.csr, which can be sent to your CA. Since FH Web's SSL implementation is based on the OpenSSL toolkit, the tools used are the same as those used in other OpenSSL-based products, such as the Apache mod_ssl package. Follow instructions provided by your CA for the mod_ssl package to obtain a certificate for your server.

When your CA sends you the signed server certificate file, save it as server.crt. Copy this file and the server.key file (generated in step 5 above) to a directory on the FH Web Server that can be accessed from the System account and accounts that belong to the Administrator group but that cannot be accessed from normal user accounts. Finally, select the signed certificate file in the Connection Manager, as described below.
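
The following PowerShell script is an added example, not part of the FIREHOUSE Software documentation. It confirms that server.crt was issued for server.key, reports the key length and certificate subject, and restricts the certificate directory to the System account and the Administrators group. The OpenSSL path and the directory C:\FHWebCerts are assumptions; run it from an elevated prompt.

```powershell
# Added example. Both paths are assumptions; adjust them to your installation.
$openssl = 'C:\OpenSSL\bin\openssl.exe'   # [OPENSSL_DIR]\bin\openssl from the steps above
$certDir = 'C:\FHWebCerts'                # hypothetical protected directory
$key = Join-Path $certDir 'server.key'
$crt = Join-Path $certDir 'server.crt'

function Get-Modulus([string[]]$OpenSslArgs) {
    # Returns the "Modulus=..." line printed by openssl for a key or certificate.
    $out = & $openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0 -or -not $out) {
        throw "openssl $($OpenSslArgs -join ' ') failed"
    }
    return ($out | Select-Object -First 1).Trim()
}

# 1. The signed certificate must carry the public half of server.key.
#    A mismatch means the CA signed a CSR made from a different key.
$keyMod = Get-Modulus @('rsa',  '-in', $key, '-noout', '-modulus')
$crtMod = Get-Modulus @('x509', '-in', $crt, '-noout', '-modulus')
if ($keyMod -ne $crtMod) { throw 'server.crt does not match server.key' }

# 2. Report the RSA key length. The CA/Browser Forum baseline requirements set
#    2048 bits as the minimum RSA size for publicly trusted certificates.
$keyText = (& $openssl rsa -in $key -noout -text) -join "`n"
if ($keyText -match '\((\d+) bit') {
    $bits = [int]$Matches[1]
    Write-Host "RSA key length: $bits bits"
    if ($bits -lt 2048) { Write-Warning 'Key is shorter than 2048 bits.' }
}

# 3. Show the subject (its CN must equal the host name users connect to)
#    and the expiry date.
& $openssl x509 -in $crt -noout -subject -enddate

# 4. Drop inherited permissions and grant full control only to SYSTEM
#    (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544). Well-known SIDs
#    are used so the command does not depend on the Windows display language.
icacls $certDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F'
if ($LASTEXITCODE -ne 0) { throw 'icacls could not update the directory ACL' }

# 5. Remove any explicit entries for Users and Authenticated Users on the
#    directory, then reset the files so they inherit only the ACL set above.
icacls $certDir /remove:g '*S-1-5-32-545' '*S-1-5-11'
icacls (Join-Path $certDir '*') /reset

# 6. Print the resulting ACL for review.
icacls $certDir
```

The modulus comparison applies to RSA keys, which is what the genrsa command above produces.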

To select the server certificate:

  • From the Connection Manager, click Tools | Server Options.
  • Click the Security tab.
  • In the Transport list, select SSL.
  • Type or browse to the path to the server's certificate (e.g., server.crt) file in the SSL Certificate box.
  • Click OK.
