Certificate Authority
Previous Topic  Next Topic 

Obtaining a certificate through a Certificate Authority is the best way to ensure control over your certificate's details.


Go to a Certificate Authority such as Name Cheap. SSL certificates start at $7.95 per year.


You will need to generate a CSR (Certificate Signing Request). You can do this with OpenSSL. Download the latest OpenSSL version here.


Open a command window (Windows key + R and type "cmd" then enter key). Type the following commands to generate the data, replacing "server" and "myserver" with the name of your files.


cd C:\OpenSSL-Win32\bin\

openssl genrsa -out server.key 2048

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -sha256


Then follow the directions at whichever Certificate Authority you chose.


Once your Certificate Authority has processed your payment and created the certificate, it will be emailed to you.


Combine the .key and .cert files you received in step 6. To do this, use a text editor like notepad and paste the contents of both files into a new file named Fusion.pem (not Fusion.pem.txt)


IMPORTANT: The format for Fusion.pem must be:


-----BEGIN CERTIFICATE-----

*certificate in here*

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

*RSA key in here*

-----END RSA PRIVATE KEY-----


If your Certificate Signing Authority uses alternate root or intermediate certificates, ensure they are pasted at the start of the text file. For instance, Positive SSL will send you your signed public key plus a Root CA Certificate (AddTrustExternalCARoot.crt) and an Intermediate CA Certificate - PositiveSSLCA2.crt.


Continue to the FireDaemon Fusion SSL Integration section below to get your SSL certificate working with FireDaemon Fusion.