Adding an SSL Certificate to a DATAssure™
To enable HTTPS communication between a browser and a DATAssure™, you need to add an SSL Certificate to a DATAssure™ system.
See our step-by-step process on how to add an SSL Certificate below.
Route to add a certificate: SETTINGS => NETWORKING => Upload SSL Certificate
Step 1 – Create a Sub-domain on Your SSL Certificate
A sub-domain for the DATAssure™ will need to be created on the SSL certificate, issued by the certificate generating body.
A copy of the updated certificate needs to be downloaded from the issuer. The certificate file types can be “.pem, .crt, .cer, or .key” file format.
In our instance we added “d3.tek-troniks.com” to our certificate at our issuing body, Go Daddy.
We downloaded our certificate from the Go Daddy web site in the “.crt” format.
For SSL to work both the certificate and a private key are required see steps 2 & 3 below.
Step 2 – Certificate
Open the file to ensure it contains the certificate (the certificate can be opened using a text file editor like MS Word or Notepad).
The certificate will be contained within the file between the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- statements.
Copy & paste the certificate including the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- in to the Certificate box on the DATAssure™ SSL certificate window.
Step 3 – Private Key
IMPORTANT – the private key MUST be in an RSA format.
The private key will normally be generated on your own servers or via a third-party software programme, contact your IT department for a copy of your private key in an RSA format.
Our private key was generated on our server, it included the certificate and the private key in a “.pfx” (MII 7) file format. We converted the “.pfx” file to a “.pem” file using Open SSL;
- file name was tek-cert.pfx
- with Open SSL, IN – tek-cert.pfx OUT – tek-cert.pem
We then converted the “.pem” file to the RSA format;
- with Open SSL, IN – tek-cert.pem OUT – tek-cert-rsa.pem
Open the file to ensure it contains the RSA key (the .pem file can be opened using a text file editor like MS Word or Notepad).
The key will be contained within the file between the —- BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—- statements.
Copy & paste the key including the —- BEGIN BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—- in to the SSL key box on the DATAssure™ SSL certificate window.
Step 4 – Authorise & Submit
To authorise the SSL Certificate, enter your user password used to access the DATAssure™.
Press submit and after pressing submit the page should respond with ‘success’, if the SSL certificate has been successfully applied.
Switch the DATAssure™ off, wait a few second then switch it back on. This reboots the system and when you login via the network interface again it will now be in HTTPS mode.
Step 5 – Stop HTTP Connectivity
Redirecting port 80 is needed to stop HTTP non-secure connectivity once an SSL certificate has been added.
Route to redirecting port 80; SETTINGS => SITE SETTINGS => SYSTEM SET-UP => Redirect Port 80 SSL
Select the on toggle to redirect port 80, HTTP connectivity over port 80 will no longer be accessible.