Steps to Create a Security Certificate

Steps to Create a Security Certificate

WSS requires that the browser has a root certificate of authority (CA) to communicate securely to another (server) process which uses a server side certificate compatible with the CA. The following is an example on how to create the certificates using OpenSSL.

Warning
Ranger Remote versions 2.2.3.0 and above will no longer allow certificates created with 1024-bit RSA keys. This would invalidate all certificates created with SBT's CreateWindowsCertificate (attached in this article) prior to the October 2024 update. If you are using Ranger Remote 2.2.3.0 or above, please re-create the relevant certificates using the steps described below.
WarningApple's Safari is moving to a 398 day certificate expiration policy effective September 1, 2020. Any two-year certificates created before August 31st will still work until their issued expiration date.



Step 1: Download and Install OpenSSL
  1. If you do not already have an OpenSSL installation on your workstation, you can find a download link here. 
                  Link:  https://slproweb.com/products/Win32OpenSSL.html
                  Alternative link for OpenSSL binaries: https://wiki.openssl.org/index.php/Binaries
  1. We recommend installing the 32bit full version (although 64 bit OpenSSL installation should also work fine for our purposes since the certificates are architecture agnostic.  You do not need to switch to 32bit version, if you already have a 64 bit installation on your workstation). 
  1. During the installation, feel free to select Copy OpenSSL dlls to Windows System Directory option.
NotesNote for OSX: OpenSSL might be installed on MacOS workstations by default. 

Step 2: Download Attachment:  OpenSSLCreateCertWinMacV2

You can find the attachment at the bottom of this page. Please download and extract the contents of this folder. The zip file should have the following 4 files in the same directory
  1.  openssl.cnf
  2. createWindowsCertificate.bat (for Windows)
  3. createfilesMac.sh (for Mac)
  4. v3.ext

Step 3: Edit the CNF File with Your Organizational Information
  1. .cnf file in this package is the configuration file. Both scripts use the .cnf file to create the certificates with the specified configurations.
  2. The .cnf file included in this package is provided as an example. If you want to create your own .cnf file or if you already have one that you use, feel free to replace it.
  3. If you decided to use the example .cnf file provided in this package, it is crucial that you edit the file with the correct organizational information.
  4. The section under [ req_distinguished_name ] should always reflect your current information, and the default SBT values should not be used.  All other sections can remain the same, or further edited based on your organizational needs.

Step 4: Run the Appropriate Script:
  1. For Mac/OSX, createFiles.sh
  2. For Windows, createWindowsCertificate.bat (double click should be enough)
  3. After running the script, you should see the relevant files created within the same directory. For Ranger Remote WSS connection, you will need the following files.:
    1. Server.pem
    2. RootCA.pem
Idea
please save these files for future use/reference. 

Step 5: Installing Ranger Remote

Once you obtain your certificates, all you need to do is to put them in the same directory as the Ranger Remote installer that you have and then run the installer. During the installation, if you select the WSS installation option, the Remote installer will detect the two .pem files and correctly configure service and browser settings using the certificates. 



Copyright © 2023 Silver Bullet Technology
 www.sbullet.com

    • Related Articles

    • Silver Bullet Signed Certificate Policy

      Silver Bullet Technology, Inc. has the ability to use Web Socket Secure (WSS) communications with its Ranger Remote client/server platform. This security layer requires the use of signed certificates to create this secure connection. For the security ...

    • What Are the Steps to Resolve a Missing Windows DLL?

      If you receive the above dialog when attempting to run RangerFlex, the steps to resolve this issue are as follows: How Do I Uninstall All Ranger Components? Unplug the device from the computer Uninstall all Ranger Components Update Windows. This can ...

    • Should I create a new project or use the sample plug-in code?

      We recommend that you create a new plug-in project and copy in the code that you need from our sample projects. Ranger® - The universal check scanner interface Copyright © 2023 Silver Bullet Technology www.sbullet.com

    • How do I use NSIS to create an installer for my plug-in?

      The plug-in SDK page on sbullet.com now contains a link to a zip file containing all essential installers for NSIS. The zip file contains simple instructions, an NSIS installer from the NSIS website, and valuable includes libraries for your NSIS ...

    • What is the plug-in certification process?

      Since our certification process is evolving, we will not charge you for the first certification. There are the high-level certification steps: Send us a scanner to test with. Email us your plug-in some source code and TransportInfo.ini and ...