Client Certificate Management - Elatec TCP3 3.0.3.1 Technical Manual

6. Configuration via Web Page
Country codes can be looked up at a number of websites, for example: https://www.ssl.com/country-
codes/
Enter the details on the CSR sheet then select Create. If the details are correct a "Processing" pop up will
appear. If any issues occur during creation of the CSR a pop up will appear to indicate creation failed. If
CSR creation fails any error messages will be presented in the Status Log. Please correct the issue then
try again. After 10-15 seconds the web browser will download a file with a .csr extension. This "CSR file"
is the specially formatted request for a Signed Certificate.
Once the CSR is created you can either open it or save it. If you select save it will typically be stored in the
default folder your browser uses for downloaded items, the "Downloads" folder. Once the CSR has been
saved it needs to be submitted to the signing authority for the server you plan to interact with. Amazon.com
is one option but check with your IT personnel for the Certificate Authority used by your organization. The
unsigned cert which TCP3 creates will be in PEM format. Please ensure that the PEM format is retained
during the signing process. Once you receive the signed CSR it can be uploaded to TCP3 by selecting
"Install Signed CSR" which follows. Either drag and drop the CSR or navigate to the folder where it is
stored and upload it. Next follow the instructions for installing the signed certificate.
Create a Self-Signed Certificate In most cases a self-signed certificate is sufficient for installation. This
certificate will be used to encrypt communication to any host PC in communication with the TCP3 web
pages using HTTPS. Select "self-signed Certificate" and when TCP3 completes processing, select HTTPs
then reboot. All further web page communication will take place over HTTPS.
Note: Many web browsers do not trust Self-Signed Certificates. In these cases the browser may show
warnings or require extra steps to navigate to web sites. Some web browsers will completely block access
to web sites using Self-Signed Certificates. End users accessing TCP3 configuration web pages may
encounter these issues.
Install Signed Certificate If a signed cert is available for upload to TCP3, select "Install Signed Certifi-
cate" then either click in the box labeled "Select Signed Cert File" then drag and drop the previously signed
certificate file into the box or click in the box and then navigate to the location where the certificate file is
stored. Select the file then select Open and the certificate will be uploaded. If the Certificate Authority
provided multiple files, upload the file containing the name given to the TCP3 with a file extension of .cer,
.crt, .der, or .pem. Upload the Certificate Authority's root certificate into the "Select CA file for Signed Cert."
section. This file will typically have the word "root" in it with a file extension of .cer, .crt, .der, or .pem. If not
provided with a root certificate one can download it from the Certificate Authority's web site
At this point if all that needs to be configured is server communication, HTTPs can be selected and then
TCP3 can be rebooted or one can continue with the rest of the configuration items.
6.3.2. Client Certificate Management
Install Cert. Authority This section is used to upload certificate authority certificates which can be used
to build a chain of trust. Certificates can be managed, either added or removed as needed. Selecting the
down arrow in the Installed Cert Authorities box will enable viewing all of the certs installed.
To enable TCP3 to validate a certificate provided by a web service it needs to have the Root Certificate
of the Certificate Authority that signed the SSL certificate used by the web service. A root certificate can
be downloaded from the Certificate Authority's web site. To install Certificate Authority Root Certificates:
Click the "Install Cert. Authority" button. A dialog form will appear. Upload the Certificate Authority's root
certificate into the "Select Cert. Authority File" section. Select the Close button then apply followed by a
reboot.
Page 37 of 61