32. Self-Signed Certificate Generator

Allows for the quick creation of Self-Signed private and public keys for HTTPS.

C:\Program Files (x86)\OVERLAPS\selfsignedgen.exe
The Self-Signed Certificate Generator Tool
The Self-Signed Certificate Generator Tool

It is strongly recommended to enable HTTPS support in OVERLAPS to ensure your site and data are kept secure. In order to do this you need a TLS/SSL certificate file, and while most of our customers choose to use either a Third-Party Certificate Authority or their own internal Certificate Authority, some may choose to generate a standalone Self-Signed certificate to use.

We have created a guide for generating your own Self-Signed certificate using OpenSSL which can be found here. However, to make this process easier we have also created a simple Self-Signed Certificate Generator utility and included it with OVERLAPS.

32.1 Filling out Certificate Information

The tool requires you to fill out the following fields:

Primary Address

This is the primary URL you will be using to access OVERLAPS from your web browser. Do not include the "http://" or "https://" or any trailing slashes, just enter the host address itself (for example "overlaps.contoso.com").

Organisation Name

Enter the Common Name of your organisation.

Issuer Name

Use this to specify who issued the certificate. If this is left blank then the Organisation Name value will be used.

Country

Select your country from the dropdown list. If your country isn't listed, just enter the Two-Letter ISO3166 code for your country (see here for more information).

Additional Address List

If you expect to access OVERLAPS by any other URLs, such as the server's hostname, or its IP address, then add them here by clicking the Add button. This will populate the Subject Alternative Names (SAN) property of the certificate with this information, which will allow the client's web browser to verify that the certificate is valid for the URL they are accessing.

Certificate Lifetime (months)

How many months you want the certificate to be valid for. The current standard and default value for this is 12 months.

RSA Key Strength

The size of the RSA encryption key that is generated for the certificate. Higher numbers are more secure, but may not be supported by all web browsers, so it is currently recommended to leave this as 2048 bits.

32.2 Generate the Certificate

Click the Generate Certificate button to start the generation process.

Self-Signed Certificate Generation Process Completed
Self-Signed Certificate Generation Process Completed

32.3 Saving your Certificates

The generated Certificate can now be saved to two files:

  • The Private Key file (.pfx) which you will use with the Configuration Utility to setup HTTPS on the OVERLAPS server.
  • The Public Key file (.crt) which you will distribute to the Trusted Root Authority folder on client computers via Group Policy so that they know that the private key can be trusted.
Saving your Self-Signed Certificate
Saving your Self-Signed Certificate
Note that even with the certificate in the Trusted Root Authority folder, some browsers will still show a warning about the certificate being Self-Signed.