
Create SSL Key-Ring

This document describes how you can create Key-Rings for use with Door Tablet in order to enable HTTPS.

Note: from version 9.1 of Door Tablet we offer a free Key-Ring which contains a certificate for the domain https://dt-server.win. See the document 'https://dt-server.win' in the 'Help Documents' view of the 'Door Tablet HELP' database.

Overall steps

  1. Download two utilities, and Notepad++
  2. Create CSR
  3. Send CSR to Certificate Authority so that they can provide certificates
  4. Create a Key-Ring
  5. Embed a variety of files in the Key-Ring
  6. Deploy the Key-Ring to the Door Tablet server
  7. Test your work

Downloading the utilities
To perform the certificate-related tasks in this document you will need two utilities, both of which are run from a command prompt. We will show examples of calls.

OpenSSL
Use this tool to create Certificate Requests and private keys.
  1. Download OpenSSL from here https://s3.amazonaws.com/doortablet/misc/OpenSSL.zip
  2. Unzip the contents of the zip to a folder of your choice. You will need to be in this directory to perform some commands

kyrtool
We use this tool to create a Key-Ring and insert certificates and private keys into it. The kyrtool comes in two versions, 32-bit and 64-bit. Download the one that matches the Door Tablet server you have installed.
  1. For the 32bit, get the tool from here: https://s3.amazonaws.com/doortablet/misc/kyr32/kyrtool.exe
  2. For the 64bit, get the tool from here: https://s3.amazonaws.com/doortablet/misc/kyr64/kyrtool.exe
  3. Place the tool you have downloaded in the Door Tablet server program directory

Notepad++

Create a CSR
To create a certificate request we use the OpenSSL tool from a command prompt.
Let's assume that you have placed the tool in... C:\SSL\OpenSSL
  1. Create a folder where all the files you create will be found... C:\SSL\Certs
  2. Change directory to the bin folder as follows: cd C:\SSL\OpenSSL\bin
  3. Set the OpenSSL configuration file as follows: set OPENSSL_CONF=C:\SSL\OpenSSL\bin\openssl.cfg
  4. Generate RSA key as follows: openssl genrsa -out C:\SSL\Certs\server.key 4096
  5. You are now ready to create the CSR: openssl req -new -sha256 -key C:\SSL\Certs\server.key -out C:\SSL\Certs\server.csr
  6. During the last call you will be asked a few questions

Fill the information in this way (sample filled):
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Public.Class Limited
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:dt.corp.com
Email Address []:myemail@corp.com
A challenge password []:password123
An optional company name []:

Send the CSR you created to your CA
  1. The CSR is in C:\SSL\Certs\server.csr
  2. Open the file with Notepad++
It looks like this:


Process the certificates from your CA
When you submit your CSR to your CA they may enter into a validation process which could take time, depending on your certificate choices and service. As the Door Tablet server is not open to the public, choose a low-cost certificate. We also recommend that you use an external CA as this will save you time when deploying the system. When using your internal CA you will need to install root certificates on the Door Tablet end points, but you won't need to do this if the certificate is already installed on your devices (many are pre-installed).

Copy the certificates to the right place
  1. Copy the crt files you received and place them in the same folder where the CSR and the key were placed. In our case it is C:\SSL\Certs\
Note: if your provider sends you a CA-Bundle file you will need to ask them for standard crt files instead.

To absorb the certificates you will need to use the "kyrtool" in this order:
  1. Copy the crt files you received and place them in the same folder where the CSR and the key were placed. In our case it is C:\SSL\Certs\
  2. Create a Key-Ring
  3. Insert root certificates
  4. Insert private key
  5. Insert host certificate
Once you have completed these steps you will end up with a Key-Ring file and a Key-Ring password file. These two files need to be installed in the Door Tablet server as described in the document 'Enabling HTTPS' (bottom of the page) in the 'Help Documents' view of the 'Door Tablet HELP' database.

Create a Key-Ring
Before you use the "kyrtool" application you need to change directory to the Door Tablet server install directory, for example:
cd c:\door-tablet
or
cd c:\Program Files (x86)\doortablet

You may now perform the calls using "kyrtool".
The call below creates the Key-Ring. The first parameter points at the notes.ini file of the system. The second parameter names the Key-Ring file and the last one sets the password.
kyrtool =c:\door-tablet\notes.ini create -k C:\SSL\Certs\dt.kyr -p password123

You will now insert root certs, starting with root and intermediate. For example:
kyrtool import roots -i C:\SSL\Certs\AddTrustExternalCARoot.crt -k C:\SSL\Certs\dt.kyr
kyrtool import roots -i C:\SSL\Certs\COMODORSAAddTrustCA.crt -k C:\SSL\Certs\dt.kyr
kyrtool import roots -i C:\SSL\Certs\COMODORSADomainValidationSecureServerCA.crt -k C:\SSL\Certs\dt.kyr

Now import the key you have already created when you worked on the CSR
kyrtool import keys -i C:\SSL\Certs\server.key -k C:\SSL\Certs\dt.kyr

Finally, import the host certificate
kyrtool import certs -i C:\SSL\Certs\dt_corp_com.crt -k C:\SSL\Certs\dt.kyr

Your Key-Ring is now ready to deploy to the Door Tablet server. Please remember that the Key-Ring file needs to be copied together with the .sth file. Please refer to the document 'Enabling HTTPS' in the 'Help Documents' view of the 'Door Tablet HELP' database.
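
A pre-import check worth running before the kyrtool import calls above: it confirms that the key, the CSR and the host certificate all carry the same public key, then lists subject and issuer of every crt file so the root-then-intermediate import order can be confirmed. This batch file is an added example, not part of the Door Tablet documentation; it assumes the folder and file names used on this page (C:\SSL\OpenSSL\bin, C:\SSL\Certs, server.key, server.csr, dt_corp_com.crt).

```batch
@echo off
rem Added example, not Door Tablet's own script.
rem Assumes the folders and file names used on this page.
setlocal
set OPENSSL_CONF=C:\SSL\OpenSSL\bin\openssl.cfg
set CERTS=C:\SSL\Certs
cd /d C:\SSL\OpenSSL\bin

rem Read the RSA modulus from the key, the CSR and the host certificate.
rem Each command prints a single line of the form Modulus=<hex digits>.
for /f "delims=" %%A in ('openssl rsa -noout -modulus -in %CERTS%\server.key') do set KEYMOD=%%A
for /f "delims=" %%A in ('openssl req -noout -modulus -in %CERTS%\server.csr') do set CSRMOD=%%A
for /f "delims=" %%A in ('openssl x509 -noout -modulus -in %CERTS%\dt_corp_com.crt') do set CRTMOD=%%A

rem An unreadable file leaves its variable empty; stop rather than compare blanks.
if not defined KEYMOD goto unreadable
if not defined CSRMOD goto unreadable
if not defined CRTMOD goto unreadable

if not "%KEYMOD%"=="%CSRMOD%" (
    echo MISMATCH: server.csr was not created from server.key
    exit /b 1
)
if not "%KEYMOD%"=="%CRTMOD%" (
    echo MISMATCH: dt_corp_com.crt was not issued for server.key
    exit /b 1
)
echo OK: key, CSR and host certificate share the same public key

rem List subject and issuer of every certificate in the folder.
rem The root has identical subject and issuer; each following file
rem names the previous certificate's subject as its issuer.
for %%F in (%CERTS%\*.crt) do (
    echo --- %%~nxF
    openssl x509 -noout -subject -issuer -in "%%F"
)
exit /b 0

:unreadable
echo ERROR: could not read the key, the CSR or the host certificate
exit /b 1
```

The genrsa call on this page writes server.key without a passphrase, so restrict access to C:\SSL\Certs and remove the key from it once the Key-Ring has been deployed.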