This article shows how to upload a PEM certificate into your Access Manager 1.2 server starting right from step one, generating the initial CSR. If you already have a valid signed certificate then jump to step 2. If you have a PFX or P12 certificate please follow the article titled "How to Upload a PFX or P12 Certificate in Access Manager 1.2".
Step 1: Generate a CSR
1. Log into Access Manager as admin and go to Configuration > SSL and expand the “Upload Keys and Certificates” section, select the option “Generate Key + Certificate”. If you have already generated your server key during installation select “Download CSR” and go to point 4.
2. Complete the requested information
Common Name: The fully-qualified domain name, or URL, you're securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example*.coolexample.com.
Organization Unit: If applicable, enter the DBA (doing business as) name.
Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requester’s name.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
Select Finish once information entry is complete, the SSL Server Key is created and the service must be restarted for it to be applied correctly.
3. After the service restart completes and the SSL Server Key have been applied return to Configuration > SSL and expand the “Upload Keys and Certificates” section again, now select the “Download CSR” option.
4. Click Continue and then 'Download', save the file to a safe location
5. Give the CSR to a certificate authority such as GoDaddy so that it can be signed. If your Certificate Authority requests which type of server generated the CSR you should specify Apache/ModSSL.
Step 2: Uploading Root or Intermediate PEM Certificates
Once you have received your signed certificate from the certificate authority you may be given a choice of download options, if possible we recommend downloading the certificate as a single file with all Root and Intermediate certificates included within, but not the Key, in PEM format and then go straight to Step 3. If that is not possible then download all required certificates in PEM format.
If you have a root or intermediate certificate to upload these need to be uploaded first.
Go to Configuration > SSL and expand the Upload Keys and Certificates section and select the Trusted CA Certificate option.
1. Select “Choose File” and browse to the select your root or intermediate certificates and then select “Upload”
2. Repeat this process for all root and intermediate certificate
Step 3: Uploading your Certificate
For secure, trusted access you must install an SSL server certificate on the Nervepoint Access Manager server. The uploaded certificate file must have the following characteristics:
The server certificate must be issued by a Certification Authority (CA) that is trusted by end users. For best results, use a commercial CA such as VeriSign, Thawte or GeoTrust.
The certificate must be in Privacy Enhanced Mail (PEM) format, a text-based format that is a Base64 encoding of the binary Distinguished Encoding Rules (DER) format. (If your certificate is in PFX or P12 follow the article titled, Upload a PFX or P12 Certificate.
The certificate file must include a private key and the private key must not be encrypted. There should be no password required to use the PEM file.
Go to Configuration > SSL and expand the Upload Keys and Certificates section and select the Signed Server Certificate option.
Select “Choose File” and browse to the Signed Certificate provided by your Certificate Authority and then select “Upload”.
Once the certificate has been installed Access Manager will prompt for a restart in order to apply the new certificate
To complete the integration the service must now be restarted. This can be done from the “Power” button in the footer or through the VM Console.
Once the system has restarted go to the Access Manager main page and open the certificate information, the certificate information should now match that of the server certificate that was uploaded, and assuming you are connecting to the same address that the certificate is valid for it should also be Trusted.