IQ Bot 11.x: Create a self-signed certificate with Subject Alternative Name
- Última actualización2022/08/30
IQ Bot 11.x: Create a self-signed certificate with Subject Alternative Name
Create a self-signed certificate with Subject Alternative Name (SAN) when you want to use an SSL certificate for multiple domains.
- Create a file with the name domain.cnf and add the
following configuration as per your
requirement:
[req]
default_bits = 2048
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn
[dn]
C = ES
ST = MyState
L = MyCity
O = MyOrg
emailAddress = email@mydomain.com (Any email address)
CN = sss-laptop136.aaspl-brd.com (CR FQDN Url Name)
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = sss-laptop136.aaspl-brd.com (CR FQDN Url Name)
DNS.2 = sss-laptop151.aaspl-brd.com (IQBOT URL FQDN Name)
- Download the Openssl utility.
- Create the certificate either on Microsoft Windows or on Linux:
- Run the following command to create the certificate on Microsoft
Windows:
openssl.exe req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout "D:\ssc\ssc\key.key" -days 3560 -out "D:\ssc\ssc\cert.crt" -config "D:\ssc\ssc\domain.cnf"
-
Run the following command to create the certificate on Linux:
openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout /tmp/cert/key.key -days 3560 -out /tmp/cert/cert.crt -config /tmp/cert/domain.cnf
- Run the following command to create the certificate on Microsoft
Windows:
- Create the .pfx file from cert and key file:
-
Run the following command to create the .pfx file from the cert and key file on Microsoft Windows:
openssl.exe pkcs12 -export -out "D:\ssc\ssc\sss-aspl.pfx" -inkey "D:\ssc\ssc\key.key" -in "D:\ssc\ssc\cert.crt"
-
Run the following command to create the .pfx file from the cert and key file on Linux:
openssl.exe pkcs12 -export -out /tmp/cert/sss-aspl.pfx -inkey /tmp/cert/key.key -in /tmp/cert/cert.crt"
-
- Import the .pfx file in Microsoft IIS.
Use the same .pfx file with the installation of IQ Bot.
- Run the following command to import the certificate in the Java
keystore:
keytool.exe -import -alias dev -keystore "C:\Program Files (x86)\Java\jre1.8.0_91\lib\security\cacerts" -file "D:\cert\xyz.com.crt"
Based on the type of operating system 32-bit / 64-bit, this C:\Program Files (x86)\Java\jre1.8.0_91\lib\security\cacerts directory can differ.
If the certificate is not imported in the Java keystore, then Control Room shows the following error message: Java security certificate path validator signature check failed.
- Go to %installation_dir%\Configurations and run stopanduninstallallservices.bat as an administrator.
- Go to %installation_dir%\Configurations and run installandstartervices.bat as an administrator.
- Import the cert.crt file to the Trusted Root using the Microsoft Management Console (MMC).