Generate a HTTPS self-signed certificate - j5 - 30 - Installation & Upgrade - Hexagon

j5 Installation and Upgrade
Language
English
Product
j5
Search by Category
Installation & Upgrade
j5 Version
30

j5 can create a self-signed server certificate with a simple command line interface. This helps j5 integrators to quickly deploy HTTPS to their j5 installation for QA and Testing. While we recommend that your server certificate is signed by a trusted source for production, this is safe to use as long as the required security protocols are in place on your server. This feature is available from Update 16.

It creates the root certificate for you in C:\ProgramData\j5\.ssl. This allows you to build all of your j5 server certificates from one location (in other words, build your production and QA HTTPS server certificates from the test server), and utilize the same root certificate on all of your devices. The server certificate supports the iOS, Android and Chrome expiry requirements and key lengths.

The following is generated:

  • Root CA certificate with 4096 bit RSA key – expires after 15 years

  • Intermediate CA certificate with 4096 bit key – expires after 365 days

  • HTTPS server certificate with 4096 bit key – expires after 398 days

To use the certificate generator, enter the following in your command line:

“C:\Program Files\j5\Framework\bin\KeyManager.exe” generate-certificate <OPTS>

  • --urls: Allows you to pass any domains or hostnames you want to use for HTTPS (comma-separated).

  • --ip: Enter your server IP address(es) (comma-separated).

  • --cn: This is optional for verification but recommended. Set your common name for the certificate.

  • --password: Sets the password for the root and intermediate keys. This is needed every time you run the command.

  • --install: This is used to install the generated certificate on this server.

  • --output: If you don’t want to install the certificate to this server, you can use this to specify the directory to export the certificate to.

  • --help: For more information.

j5 warns you during j5 setup once a day if:

  • Your HTTPS server certificate’s lifespan is longer than 398 days.

  • Your certificate is less than 100 days from expiry.

  • Your certificate is invalid – you won’t be able to proceed until it has been removed or fixed.