...
In order to make InternetExplorer and other windows services trust self signed certificates, please follow the steps described here.
Preparing a CSR (Certificate Signing Request) from your eDMS-server with OpenSSL
When you create a Certificate that you want to have signed by a CA (a commercial one or the one of your corporation) you can generate your csr inside the eDMS Virtual Machine.
in Order to make your cert also compatible with Google Chrome (the browser) you need to prepare a configuration file (here named SAN_CERT.conf) that holds the Additional Names for your certificate. These subjectAltName entries are the Internet Standard (RFC 822) that all browsers comply to, Google Chrome being the only at the Moment completely ignoring the Older Naming Schemes.
An Example is here
| View file | ||||
|---|---|---|---|---|
|
you need to edit this file and for all entries in <angle brackets> you have to enter your own data.
then copy this file to /storage/nginx
and execute
| Code Block | ||
|---|---|---|
| ||
openssl req -new -sha256 -out patricia-edms.csr -config SAN_CERT.conf -keyout patricia-edms.key |
where the filenames for patricia-edms.* can be replaced by your own choice.
The same goes for -sha256 you can replace it with a hash algorithm of your choice
What this Open SSL Call generates is a key file and a csr file. Send the csr file to your CA for signing. Do NOT send the key file. Indeed make sure the key file is secured since it is the Basis of your whole https Setup.
You should receive in return a certificate, which you should place in the same folder.