Table of Contents
Advertisement
4.
Select the Directory Security tab and click the Server Certificate button.
5.
Select Next, and follow the Certificate Wizard prompts:
a.
Select Create a new certificate, and then Next.
b.
Select Prepare the request now, but send it later, and then Next.
c.
Type a Name for the certificate and select a Bit Length that is a multiple of 8. For most purposes, a bit
length of 1024 is adequate. Longer bit lengths increase security at the expense of more SSL processing.
Select Next.
d.
Type in an Organization (e.g., MyCompany, Inc.) and Organizational Unit (e.g., Marketing); then
select Next.
e.
Type in the Common name for the certificate, and then select Next.
For a server certificate, the Common Name provided must be the DNS-resolvable fully qualified domain
name (FQDN) used by the Equalizer cluster. When a client receives the certificate from the server, the
client browser will display a warning if the Common Name does not match the hostname of the request
URI.
For a client certificate, the Common Name in the client's copy of the certificate is only compared to the
Common Name in the copy of the client certificate on the server, so Common Name can be any value.
f.
Type in a Country/Region, State/province, and City/locality; then select Next.
g.
The last step in the wizard is to name and locate the new CSR. The default name and location will be
c:\certreq.txt unless you choose otherwise.
6.
Visit the SSL vendor's website to submit your certificate request.
7.
Once the SSL vendor has mailed the new signed certificate back to you, do one of the following:
a.
If you are using this certificate with a Layer 4 cluster, copy the new certificate onto the system on which
you generated the request and double-click to install. If this is a server certificate for a server in a Layer 4
TCP or UDP cluster, make sure you attach it to the appropriate web site. If this is a client certificate, make
sure you place the certificate in the Personal certificate store.
b.
If you are using the certificate with a Layer 7 cluster, export your new SSL certificate with your private
key, so that it can be installed on Equalizer:
a.
In IIS, right click on the website for which the certificate was generated and navigate through Properties >
Directory Security > View Certificate > Details.
b.
Select Copy to File, then Next.
c.
Select Yes, export the private key; then Next.
d.
Select PKCS #12 (.PFX); check Enable strong protection; then Next.
e.
Type and confirm the password; then Next.
f.
Enter a file name, e.g. C:\clustercert.pfx; then click Next.
g.
Click Finish.
h.
Click Ok if the export was successful.
i.
The certificate is now ready to be uploaded to the cluster via the Equalizer Administration Interface; see
"Installing Certificates for an HTTPS Cluster" on page 284.
Converting a Certificate from PEM to PKCS12 Format
Many browsers, such as FireFox and Internet Explorer, require private keys and certificates in PKCS12 format for
installation. In order to install client and intermediate certificates into these browsers, you will first have to convert
them from PEM format to PKCS12 format. (Note: if you created your certificate using IIS as explained in the
Equalizer Installation and Administration Guide
Converting a Certificate from PEM to PKCS12 Format
287
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the E350GX and is the answer not in the manual?
Questions and answers