Showing results for 
Search instead for 
Did you mean: 

SSL Certificate

Occasional Contributor

SSL Certificate

hi all,

i installed SA2000 at one of my customer sites, now he is saying that the authentication is not secure, the secure connection starts after the username password authentication, so he want to buy a certificate to make the auth secure.

he said that the browser cant identify the certificate, and he need a but a certificate for his device, honestly i'm not much with this issue and i need your help to finalize this issue.


Re: SSL Certificate

The connection is secure even before entering the user auth because it is an HTTPs connection. However, the cert on the SA is a self-signed cert and the browser does not know which Root CA provided the cert. To get the additional level of security and not have that issue, you need to get a device cert. Go to the Certificates section on the SA, generate a CSR (certificate signing request) and use one of the public root CA to purchase a SSL cert. Once you received the signed cert, you will have to import it to the SA and associate the new cert with whichever port (internal/external) is accepting inbound connection.

For additional details on certs, check the admin guide.

Hope that helps.

Occasional Contributor

Re: SSL Certificate

Agreed it is best if the SA is external to get a cert signed from one of the root CAs that way it is trusted and does not throw any warnings on end user systems. (being how picky browsers are getting now and days, thou this is for a good reason). Also remember you should import the Intermediate Device CA from whatever root CA you pick. There is a link to do this off the Device Certificate page on the CA

Super Contributor

Re: SSL Certificate

Alternately, if your user-base is SMALL and internal (or at least all members of the domain), you can sign the certificate with with your AD Certificate authority and push the CA cert to your users' machines via group policy.

I have a 10 user system, and for non-customer facing servers, this is what we do. For customer facing systems, we bite the bulled and pay for a 'real' certificate.