OS4X Core - Regenerate certificate request

From OS4X
Revision as of 09:39, 20 January 2015 by Admin (talk | contribs)
Jump to navigation Jump to search

In case of an expiring or expired certificate, you need to re-request a certificate at a given CA. Using OS4X's built-in capability to regenerate a certificate signing request (CSR) from an existing certificate gives you an easy to use way to do this task.

Requirements

The following requirements must be met before this described process may work:

  • You already have a certificate and private key combination uploaded to the "CSR" management panel, say: you have a green line indicating that you have such an entry.
  • Your webserver (PHP) is able to communicate to the internet via https

If no communication is possible, you can manually download the CSR and send it to us via eMail to contact@os4x.com, but the most common way is the direct communication.

Find certificate

In order to re-request a certificate signing request, navigate to the administrative web interface to the menu entry "Certificates" -> "Cert.request". In the new panel, search your certificate you want to use for regenaration and click on the "gear" icon File:Cog.png (labeled as "Use certificate of CSR ..."):

Google ChromeScreenSnapz134.png

Issue new CSR

In the new window, click on the button "Regenerate new certificate request based in this certificate".

Google ChromeScreenSnapz135.png

If the issued certificate was issued by the c-works OFTP2 CA, then your request is sent online to the CA, you don't need any interaction.

If the issued certificate was not issued by the c-works OFTP2 CA, then you have to download the CSR with the "Save" icon File:Database save.png.

Receiving certificate

You will receive your certificate via eMail, addressed to the eMail address in the request field "eMail address". As an attachement, the certificate file will be contained. Upload the certificate file in the CSR panel via the "Upload certificate" button:

Image-CertRequest7.png

Your line of the corresponding certificate request will instantly turn green:

CertRequest8.png

Use the certificate

With a green line, you can use this issued certificate (in combination with your private key) for any security operation in OFTP2. To ease up the configuration, click on the 5th icon on the left labeled with "Use certificate...". A new panel opens:

CertRequest9.png

If your configured OFTP2 TLS server certificate is writable by the webserver, you can easily write a new version of that file. A backup of the old file will be made, if possible (give the webserver write permissions to the directory where the certificate file is configured to). Afterwards, restart your OS4X daemons in order to activate the new certificate (active transfers are not affected).

If you have OFTP2 security enabled (secure authentification, file encryption, file signing or signed EERPs) for all, some or even one partner, you can use the buttons and comboboxes below in order to activate this certificate as an instant or future replacement of your current configuration. The certificate will then be saved in the partner's configuration and the partner is being informed by this change with an Odette OFTP2 certificate exchange mechanism.