groov Box User’s Guide, page 42

Using a Self-Signed Certificate
A self-signed certificate encrypts communications, but does not include a digital signature from a commercial CA. It is free and easy to configure, but if you want to avoid having your users see an untrusted site warning every time they use groov, you must install the self-signed certificate in the browser certificate store for every browser that will access groov. This type of certificate is a good solution for a small set of groovs and a small set of client browsers that you can configure.
Follow these steps to create and install a self-signed certificate:
“Step 1: Create a Self-Signed Certificate and Private Key” on page 42
“Step 2: Add the Self-Signed Certificate to a Browser Trust Store on a Computer” on page 46
“Step 3: Install an SSL Certificate on Mobile Devices” on page 49
Step 1: Create a Self-Signed Certificate and Private Key
Follow the steps below to generate the following components required to configure self-signed certificate SSL communication. The self-signed certificate is automatically installed on the groov Box.
• Private Key: This must be kept secret and never shared. Keep a copy of it in a safe and secure place. There is also a Public Key included in the signed certificate. You will not handle the public key using groov Admin.
• Signed Certificate: Contains identification information, the public key, and a digital signature. Identification information includes the server name and the name of the organization that controls the server. The self-signed certificate is digitally signed by the Private Key to establish authenticity. The Certificate is automatically installed on the groov Box.
To generate a private key and self-signed certificate:
1. In groov Admin, select Networking > SSL Configuration.
2. Click the Create certificate tab.
3. Fill in the Create SSL key form as follows:
Server name: Enter the (or hostname) of this groov Box that client browsers will use to access groov. (See also, “Changing the Hostname, DNS Servers, or IPv4 .) The server name may contain letters a–z (case insensitive), digits 0–9, or a hyphen (-). No other characters are allowed. The server name must not start with a hyphen.
For example, if the URL you will use to access groov in client browsers is https://process1.acme.com, then you enter process1.acme.com
If you have multiple groovs with fully qualified hostnames all with the same domain, another option is to create a self-signed wildcard certificate. For example, if you have two groovs with the hostnames groov1.foo.com and groov2.foo.com, you can create a certificate that has the hostname *.foo.com. The same private key and certificate are then installed on all the groovs.
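Before choosing a wildcard name, it helps to check which of your hostnames it will actually cover. The following sketch is an added example, not part of the guide or of groov Admin: the function names are hypothetical, the character rule is applied to each dot-separated label (an assumption, since the guide's own examples contain dots), and the matching follows the usual browser rule from RFC 6125 that `*` stands for exactly one left-most label.

```python
import re

# Label rule from the guide: letters a-z (case insensitive), digits 0-9,
# hyphen, and no leading hyphen. Applying it per label is an assumption.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}")


def valid_server_name(name):
    """Check a name intended for the 'Server name' field (wildcard allowed)."""
    labels = name.lower().split(".")
    if labels[0] == "*":       # wildcard only as the whole left-most label
        labels = labels[1:]
        if len(labels) < 2:    # reject '*' and '*.com'
            return False
    return all(_LABEL.fullmatch(label) for label in labels)


def cert_covers(cert_name, host):
    """Return True if a certificate issued for cert_name matches host.

    '*' matches exactly one left-most label, so '*.foo.com' never matches
    the bare domain 'foo.com' or a deeper name such as 'a.b.foo.com'.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return bool(h[0]) and c[1:] == h[1:]
    return c == h


def uncovered_hosts(cert_name, hosts):
    """List the hosts that would still produce a name-mismatch warning."""
    return [h for h in hosts if not cert_covers(cert_name, h)]


if __name__ == "__main__":
    # Constructed host list, extending the guide's foo.com example.
    fleet = ["groov1.foo.com", "groov2.foo.com",
             "foo.com", "groov1.plant.foo.com"]
    print(uncovered_hosts("*.foo.com", fleet))
```

Because the same private key is installed on every groov that shares the wildcard certificate, keep the covered set as small as the check allows.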