Steps to set up HTTPS - j5 - 28.0 - Installation & Upgrade - Hexagon PPM

j5 Installation and Upgrade

j5 Version: 2019
  1. Create the Certificate Signing Request (CSR) and Private Key files. To do this, you need to know:

    • the 2-letter country identifier of the installation (for example, US, GB)

    • the state or area

    • the location (usually the city)

    • your organization name

    • the Fully Qualified Domain Name (FQDN) you want j5 to serve from.

      For example, to generate a CSR file j5.example.com.csr and a Private Key file j5.example.com.key, where our country is ZA, our state is Western Cape, and our location is Cape Town:

      "C:\Program Files (x86)\j5\framework\bin\KeyManager.exe" create-csr j5.example.com.csr j5.example.com.key -c ZA -s "Western Cape" -l "Cape Town" -o "Hexagon j5 ZA" --fqdn "j5.example.com"

      The --fqdn option defaults to the configured j5 Server Name if it isn’t supplied in the command.

  2. Sign the CSR file (j5.example.com.csr in our example).

  3. Return the signed certificate and full certificate chain to us.

To get the full certificate chain

In Chrome on Windows:

  1. Click the padlock icon in the address bar.

  2. Click Certificate (Valid).

  3. Select the Details tab.

  4. Click Copy to File. The Certificate Export Wizard opens.

  5. On the Export File Format window, select the Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B) option and the Include all certificates in the certification path if possible checkbox.

  6. On the File to Export window, enter j5certificate.p7b in the File name box.

  7. Click Finish. The full certificate chain exports to the j5certificate.p7b file on your desktop.

  8. Replace C:\ProgramData\j5\security\ssl\server.crt with this file.

In Firefox on Windows:

  1. Click the padlock icon in the address bar.

  2. Click the chevron icon to the right of Connection secure.

  3. Click More Information.

  4. Click View Certificate.

  5. Scroll down to the Miscellaneous section.

  6. Click the PEM (cert) download option.

  7. Save the file.

  8. Replace C:\ProgramData\j5\security\ssl\server.crt with this file.

To do this with a Domain Certificate Authority

When you are using a Domain Certificate Authority (for example, Active Directory):

  1. Open a cmd shell with sufficient privileges to issue signed certificates.

  2. Navigate to the CSR file’s directory.

  3. Generate the cer and p7b files that need to be returned to the j5 server. In this example, we use j5.example.com.csr - replace this with your file name.

    certreq -submit -attrib "CertificateTemplate:WebServer" j5.example.com.csr j5.example.com.cer j5.example.com.p7b

  • You can use a different CertificateTemplate, as long as it is approved for signing Web Servers.

  • Your Certificate Authority must be configured to sign with a hash at least as strong as SHA256, since weaker hashes are deprecated by Windows and most browsers.

The step above produces two files - the cer file and the p7b file. You import the p7b file to the j5 Server using the KeyManager tool. Keep the cer file, as you may need this to import certificates for your mobile devices.
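Before importing, the two returned files can be checked against the requirements above: hash strength, server-authentication usage, the FQDN, and a complete chain. The PowerShell script below is an added example, not part of the j5 tooling or the original page; the file names and FQDN are taken from the page's example and are assumptions about your environment.

```powershell
# Added example, not part of the j5 tooling. File names and FQDN follow the
# page's example and are assumptions; change them to match your own request.
$CerPath  = '.\j5.example.com.cer'
$P7bPath  = '.\j5.example.com.p7b'
$Fqdn     = 'j5.example.com'
$X509     = 'System.Security.Cryptography.X509Certificates'
$problems = @()

# Load the leaf certificate and every certificate packed into the PKCS #7 bundle.
$leaf   = New-Object "$X509.X509Certificate2" -ArgumentList (Resolve-Path $CerPath).Path
$bundle = New-Object "$X509.X509Certificate2Collection"
$bundle.Import((Resolve-Path $P7bPath).Path)

# 1. The bundle must contain the certificate that was issued for this CSR.
if ($bundle.Thumbprint -notcontains $leaf.Thumbprint) {
    $problems += "p7b does not contain the certificate in $CerPath"
}

# 2. Signature hash: flag anything not recognised as SHA-256 or stronger.
#    Self-signed roots are skipped; they are trusted by presence, not signature.
foreach ($cert in $bundle) {
    if ($cert.Subject -eq $cert.Issuer) { continue }
    $alg = $cert.SignatureAlgorithm.FriendlyName
    if ($alg -notmatch 'sha(256|384|512)') { $problems += "$($cert.Subject) is signed with '$alg'" }
}

# 3. The FQDN must appear in the Subject Alternative Name extension (OID 2.5.29.17).
$san     = $leaf.Extensions['2.5.29.17']
$pattern = '(^|[=,\s])' + [regex]::Escape($Fqdn) + '($|[,\s])'
if (-not $san -or $san.Format($false) -notmatch $pattern) {
    $problems += "$Fqdn is not listed as a DNS name in the certificate"
}

# 4. Enhanced Key Usage should list Server Authentication (1.3.6.1.5.5.7.3.1).
$eku = $leaf.Extensions['2.5.29.37']
if (-not $eku -or $eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1') {
    $problems += 'Server Authentication is not listed in Enhanced Key Usage'
}

# 5. The chain must build to a root this machine trusts, using the bundle's CAs.
$chain = New-Object "$X509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # structural check only, no CRL/OCSP lookup
$chain.ChainPolicy.ExtraStore.AddRange($bundle)
if (-not $chain.Build($leaf)) {
    $problems += $chain.ChainStatus | ForEach-Object { "chain: $($_.StatusInformation.Trim())" }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else { "OK: $($leaf.Subject), $($leaf.SignatureAlgorithm.FriendlyName), expires $($leaf.NotAfter)" }
```

A certificate signed with RSASSA-PSS carries its hash in the algorithm parameters rather than in the algorithm name, so check 2 flags it for manual review.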

When you have the p7b file back on the j5 server, the following command imports the certificates and keys into j5:

"C:\Program Files (x86)\j5\framework\bin\KeyManager.exe" import-https-certificate j5.example.com.p7b j5.example.com.key