Server Certificates
The Server Certificates view provides for the management of X509 certificates used for HTTPS connections. Three types of certificate resources may be managed:
- Certificate Signing Requests - A Certificate Signing Requests (CSR) is a request for a new certificate which will be forwarded to a Certificate Authority (CA) for signing. The CSR contains the identity parameters for the new certificate.
- Server Certificates - Server Certificates are X509 certificates that have been signed by a trusted Certificate Authority. When a CSR is submitted to a CA, a signed certificate is returned and installed in LightWave Server. Server Certificates may be used to configure HTTPS Ports by specifying the certificate Common Name (CN) in the Port configuration.
- Intermediate Certificates - Intermediate Certificates are certificates that help establish the trust chain between a Server Certificate and the CA that signed it. Intermediate Certificates, if necessary, are supplied by the CA.
The process of requesting a new certificate and installing it in the server is as follows:
- Create a Certificate Signing Request
- Submit the CSR to a Certificate Authority for signing
- The CA will optionally verify the identity information in the CSR and generate a signed certificate.
- The CA will return the signed certificate with any necessary Intermediate Certificates
- The signed certificate and Intermediate Certificates are installed.
- The certificate my now be used to configure HTTPS ports.
You may also import an existing server certificate and private key created from another source. The import file must be in PKCS12 format.
A trusted HTTPS connection requires a Server Certificate signed by a recognized Certificate Authority. For testing purposes, LightWave Client provides for generation of self signed certificates which are immediately valid for use as Server Certificates. You may also use free Certificate Signing services such as getaCert to test the certificate signing process. Although useful for testing, these certificates will result in certificates verification errors when used and should never be used for production services.
Create a Certificate Signing Request
Begin the CSR creation process by selecting the 
| Common Name | Enter the fully qualified host name of your server, for example, www.example.com |
Alternate Host Names | Enter a comma separated list of alternate host names for your server. Note that your CA may not support this feature. |
Country Code | Select country from the drop down list. |
State or Province | Enter the state or province of your organization. Abbreviations should be avoided. |
City | Enter the locality name of your organization. |
Organization | Enter the name of your organization. This field is optional |
Organizational | Enter the name of the unit within your organization. This field is optional |
Select the self signed certificate option if you wish to generate and install a self signed certificate. When the Create button is selected the new CSR or self-signed certificate is displayed. If a CSR was created, you may select and copy the CSR content from the display, or download the CSR as a file by selecting the 
Install the Signed Certificate
To install the signed certificate returned by the CA, open the associated CSR and select the 
Install Intermediate Certificates
If your CA provides Intermediate Certificates, they may be installed by selecting the
Using Certificates
Once installed, a certificate may be used to enable the HTTPS protocol on LightWave Client console ports. The ports must be configured at CONSOLE startup. Use the Common Name (see above) when specifying the port. See CONSOLE Command Line Options for more information about configuring TCP/IP ports.
tacl> run console --console-ports 80 443:www.example.com --service-ports 8080 8443:www.example.com |