Create SSL Key Ring

This document describes how you can create key rings for use with Door Tablet in order to enable HTTPS.

Overall steps

  1. Download two utilities, and Notepad++
  2. Create CSR
  3. Send CSR to Certificate Authority so that they can provide certificates
  4. Create a Key Ring
  5. Embed a variety of files in the Key Ring
  6. Deploy the Key Ring to the Door Tablet server
  7. Test your work

Downloading the utilities
To perform the certificate-related tasks in this document you will need two utilities, which you run from a command prompt. We will show examples of calls, so do not worry.

OpenSSL
We use this tool to create Certificate Requests and private keys.
  1. Download OpenSSL from here https://s3.amazonaws.com/doortablet/misc/OpenSSL.zip
  2. Unzip the contents of the zip to a folder of your choice. You will need to be in this directory to perform some commands.

kyrtool
We use this tool to create a Key Ring and insert certificates and private keys into it. There are two versions of kyrtool, 32-bit and 64-bit. Download the one that matches the Door Tablet server you have installed.
  1. For the 32bit get the tool from here: https://s3.amazonaws.com/doortablet/misc/kyr32/kyrtool.exe
  2. For the 64bit get the tool from here: https://s3.amazonaws.com/doortablet/misc/kyr64/kyrtool.exe
  3. Place the tool you have downloaded in the Door Tablet server program directory

Notepad++
  1. Get Notepad++ from here https://notepad-plus-plus.org/download


Create a CSR
To create a certificate request we use the OpenSSL tool from a command prompt.
Let's assume that you have placed the tool in... C:\SSL\OpenSSL
Create a folder where all the files you create will be found... C:\SSL\Certs
Change directory to the bin folder as follows:
cd C:\SSL\OpenSSL\bin
Point OpenSSL at its configuration file as follows:
set OPENSSL_CONF=C:\SSL\OpenSSL\bin\openssl.cfg
Generate RSA key as follows:
openssl genrsa -out C:\SSL\Certs\server.key 4096
You are now ready to create the CSR
openssl req -new -sha256 -key C:\SSL\Certs\server.key -out C:\SSL\Certs\server.csr
During the last call you will be asked a few questions

Fill in the information in this way (sample):
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Public.Class Limited
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:dt.corp.com
Email Address []:myemail@corp.com
A challenge password []:password123
An optional company name []:

Send the CSR you created to your CA
  1. The CSR is in C:\SSL\Certs\server.csr
  2. Open the file with Notepad++
It looks like this...


Process the certificates from your CA
When you submit your CSR to your CA they may enter into a validation process which could take time, depending on your certificate choices and service. As the Door Tablet server is not open to the public, choose a low-cost certificate. We also recommend that you opt to use an external CA as this will save you time when deploying the system. When using your internal CA you will need to install root certificates on the Door Tablet end points, but you won't need to do this if the certificate is already installed on your devices (many are pre-installed).

Copy the certificates to the right place
  1. Copy the crt files you received and place them in the same folder where the CSR and the key were placed. In our case it is C:\SSL\Certs\
  2. Please note that if your provider sends you CA-Bundle file you will need to ask them for standard crt files instead
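
Before running kyrtool, it is worth confirming that the host certificate the CA returned was issued for the key and CSR created above. The batch file below is an added example, not part of the Door Tablet documentation; it assumes the sample paths and file names used on this page (server.key, server.csr, dt_corp_com.crt).

```batch
@echo off
rem Added example: pre-import check for the files in C:\SSL\Certs.
rem Paths and file names are this page's samples; they contain no spaces,
rem so they are left unquoted inside the for /f commands.
setlocal
set OPENSSL_CONF=C:\SSL\OpenSSL\bin\openssl.cfg
set CERTS=C:\SSL\Certs
set KEYMOD=
set CSRMOD=
set CRTMOD=
cd /d C:\SSL\OpenSSL\bin

rem Print the CSR self-signature result and subject, then the issued
rem certificate's subject, issuer and validity dates for a manual read-through.
openssl req -in %CERTS%\server.csr -noout -verify -subject
openssl x509 -in %CERTS%\dt_corp_com.crt -noout -subject -issuer -dates

rem Extract the RSA modulus ("Modulus=<hex>") from each file.
rem A missing or unreadable file produces no output and leaves the variable unset.
for /f "delims=" %%m in ('openssl rsa -in %CERTS%\server.key -noout -modulus') do set KEYMOD=%%m
for /f "delims=" %%m in ('openssl req -in %CERTS%\server.csr -noout -modulus') do set CSRMOD=%%m
for /f "delims=" %%m in ('openssl x509 -in %CERTS%\dt_corp_com.crt -noout -modulus') do set CRTMOD=%%m

if not defined KEYMOD goto :unreadable
if not defined CSRMOD goto :unreadable
if not defined CRTMOD goto :unreadable

rem All three must carry the same modulus, otherwise the certificate
rem was issued for a different key than the one about to be imported.
if not "%KEYMOD%"=="%CSRMOD%" goto :mismatch
if not "%KEYMOD%"=="%CRTMOD%" goto :mismatch

echo OK: server.key, server.csr and dt_corp_com.crt belong together.
exit /b 0

:unreadable
echo ERROR: could not read the key, the CSR or the host certificate.
exit /b 2

:mismatch
echo ERROR: modulus mismatch - do not import these files into the Key Ring.
exit /b 1
```

Save it as, for example, check-certs.cmd and run it from a command prompt; an exit code of 0 means the files are consistent.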

To absorb the certificates you will need to use the kyrtool in this order:
  1. Copy the crt files you received and place them in the same folder where the CSR and the key were placed. In our case it is C:\SSL\Certs\
  2. Create a Key Ring
  3. Insert root certificates
  4. Insert private key
  5. Insert host certificate
Once you have completed the above steps you will end up with a Key Ring file and a Key Ring password file. These two files need to be installed on the Door Tablet server as described here: Database 'Door Tablet HELP', View 'Help Documents', Document 'Enabling HTTPS' (bottom of the page).

Create a Key Ring
Before you use the kyrtool application you need to change directory to the Door Tablet server install directory, for example:
cd c:\door-tablet
or
cd c:\Program Files (x86)\doortablet

You may now perform the calls to kyrtool.
First, create the Key Ring. The first parameter points to the notes.ini file of the system. The second parameter names the Key Ring file and the last one sets the password (password123 is a sample value here).
kyrtool =c:\door-tablet\notes.ini create -k C:\SSL\Certs\dt.kyr -p password123

You will now insert root certs, starting with root and intermediate. For example:
kyrtool import roots -i C:\SSL\Certs\AddTrustExternalCARoot.crt -k C:\SSL\Certs\dt.kyr
kyrtool import roots -i C:\SSL\Certs\COMODORSAAddTrustCA.crt -k C:\SSL\Certs\dt.kyr
kyrtool import roots -i C:\SSL\Certs\COMODORSADomainValidationSecureServerCA.crt -k C:\SSL\Certs\dt.kyr

Now import the key you created when you worked on the CSR:
kyrtool import keys -i C:\SSL\Certs\server.key -k C:\SSL\Certs\dt.kyr

And, finally, import the host certificate
kyrtool import certs -i C:\SSL\Certs\dt_corp_com.crt -k C:\SSL\Certs\dt.kyr

Your Key Ring is now ready to deploy to the Door Tablet server. Please remember that the key ring file needs to be copied together with the .sth file. Please refer to this page: Database 'Door Tablet HELP', View 'Help Documents', Document 'Enabling HTTPS'.