10.4Self-Signed Certificate Generator
C:\Program Files (x86)\OVERLAPS\selfsignedgen.exe
It is strongly recommended to enable HTTPS support in OVERLAPS to ensure your site and data are kept secure. In order to do this you need a TLS/SSL certificate file, and while most of our customers choose to use either a Third-Party Certificate Authority or their own internal Certificate Authority, some may choose to generate a standalone Self-Signed certificate to use.
We have created a guide for generating your own Self-Signed certificate using OpenSSL which can be found here. However, to make this process easier we have also created a simple Self-Signed Certificate Generator utility and included it with OVERLAPS.
10.4.1Step 1. Filling out Certificate Information
The tool requires you to fill out the following fields:
This is the primary URL you will be using to access OVERLAPS from your web browser. Do not include the "http://" or "https://" or any trailing slashes, just enter the host address itself (for example "overlaps.contoso.com").
Enter the Common Name of your organisation.
Use this to specify who issued the certificate. If this is left blank then the Organisation Name value will be used.
Select your country from the dropdown list. If your country isn't listed, just enter the Two-Letter ISO3166 code for your country (see here for more information).
10.4.1.5Additional Address List
If you expect to access OVERLAPS by any other URLs, such as the server's hostname, or its IP address, then add them here by clicking the Add button. This will populate the Subject Alternative Names (SAN) property of the certificate with this information, which will allow the client's web browser to verify that the certificate is valid for the URL they are accessing.
10.4.1.6Certificate Lifetime (months)
How many months you want the certificate to be valid for. The current standard and default value for this is 12 months.
10.4.1.7RSA Key Strength
The size of the RSA encryption key that is generated for the certificate. Higher numbers are more secure, but may not be supported by all web browsers, so it is currently recommended to leave this as 2048 bits.
10.4.2Step 2. Generate the Certificate
Click the Generate Certificate button to start the generation process.
10.4.3Step 3. Saving your Certificates
The generated Certificate can now be saved to two files:
- The Private Key file (.pfx) which you will use with the Configuration Utility to setup HTTPS on the OVERLAPS server.
- The Public Key file (.crt) which you will distribute to the Trusted Root Authority folder on client computers via Group Policy so that they know that the private key can be trusted.
Note that even with the certificate in the Trusted Root Authority folder, some browsers will still show a warning about the certificate being Self-Signed.