Using an SSL Certificate with Jet Hub
Overview
In order for users to access Jet Hub from outside your network, the server running Jet Hub must:
- Be running Microsoft IIS
- Be configured in DNS
- Have a secure SSL/TLS certificate installed and bound to Jet Hub.
There are a few steps to go through to obtain and install your certificate.
Purchase an SSL Certificate
You want to purchase a certificate from a Certificate Authority so that it will be trusted on nearly all computers in the world.
A Domain Validated certificate is sufficient and low cost; Extended Validation and Wildcard certificates will also work. Self-signed certificates are not recommended because they will not be recognized as trusted on users' computers.
What is a Certificate Authority?
Your certificate will be obtained from a Certificate Authority (CA). Certificate Authorities are organizations that act as a trusted third party to provide assurance to your users that information passed to and from your server is secure.
There are a number of CAs available to choose from. If your organization does not already have a specific CA, a basic internet search will help you find one.
For the CA list, see Certification Authority.
General Process
The process of ordering a certificate goes something like this:
- Prepare by getting your server set up and getting your WHOIS record updated, etc.
- Generate the Certificate Signing Request (CSR) on the server
- Submit the CSR and other info to the Certificate Authority (who will validate your domain and company)
- Receive and install the issued certificate
Preparing your WHOIS record
When you purchase a certificate for a particular domain name, the Certificate Authority (CA) needs to ensure that you own the domain name that you are getting the certificate for and that you are authorized to order the certificate. This is primarily done by making sure that the WHOIS record (the ownership and contact information associated with each domain name) matches the company name and address that is submitted with the certificate order. Some CAs will call the phone number listed in the WHOIS record, and many will send an email to the address listed there, so make sure you have the correct information listed. You can check the WHOIS record for your domain name here
Generate the Certificate Signing Request
What is a CSR (Certificate Signing Request)?
A CSR, or Certificate Signing Request, is a block of encoded text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate, such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.
What is contained in a CSR?
| Name | Explanation | Examples |
| --- | --- | --- |
| Common Name | The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error. | *.google.com, mail.google.com |
| Organization | The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. | Google Inc. |
| Organizational Unit | The division of your organization handling the certificate. | Information Technology, IT Department |
| City/Locality | The city where your organization is located. | Mountain View |
| State/Country/Region | The state/region where your organization is located. This should *NOT* be abbreviated. | California |
| Email address | An email address used to contact your organization. | webmaster@google.com |
| Public Key | The public key that will go into the certificate. | The public key is created automatically. |

What does a CSR look like?
Most CSRs are created in an encoded format referred to as "PEM".
This format includes the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines at the beginning and end of the CSR.
Such a CSR can be opened in a text editor and looks like the following example:
-----BEGIN CERTIFICATE REQUEST-----MIIfyjCDJVPbJRQZwgYkxCAZJfgNVfZYTZlVTMRMwEQYDVQQIEpQDYWxpAm5yfmlhMRYwbZYDVQQHEw1Nf3VudGZpfifWZWV3MRMwEQYDVQQKEwpHf25nfGUgSW9jMR8wHQYDVQQLExAJfmAvcm1hdGlvfifUAWNofm5sf2d9MRcwbQYDVQQDEw93d3cuA25vA2xlLmNvfTCfnAZKSKCIENMiG5w0fZQEbZZOfjQZwgYkCgYEZpAtYJCHJ4VpVXHbVIlstQTlO4qC03hjX+AkPyvdYd1Q4+qfZeTwXmCUKYHThVRd9ZXSqlPAyIfwieMArWblRQddA1ZJDHDdVRDWwZo60KecqeZXnnUK+9bXoTI/UgWshre8tJ+x/TMHZQKR/JcIWPhqZQhsJuAAfvZdGZ80fLxdMCZwEZZZZZMZ0GCSqGSIf3DQEffQUZZ4GfZIhl4Pvbq+e7ipZRgI9Zkbd523yu97gbjd;l44DTo0JkwbRDb+ftrsZC0q68eTb2XhYQ0uZ0ZVog3b9iJxCZ3Hp9gxfJQ6AV6kJ0TEsuZZOhEko5sdpCoPOnRfm2i/XRD2D6iNh8b8A0ShGsbqjDgbHyb3o+lUyj+UC6H1QW7fn-----END CERTIFICATE REQUEST-----
Using your Certificate Authority's Utilities
Some Certificate Authorities have proprietary utilities to aid you in the creation and submission of your CSR, and the installation of the certificate. If you have a particular CA in mind, contact them for specifics.
Otherwise, here is some general information about how to create a CSR within supported versions of Microsoft IIS.
How to Create a CSR
There are various types of certificates available (depending upon the type of web server you use). Jet Hub requires the use of Microsoft IIS - so your certificate must support IIS.
If you are not using a CA's utilities to create your CSR, you can create the CSR directly within IIS. The steps used to create a CSR vary slightly depending upon the version of Windows Server and IIS that you are using.
Click the link for the version of IIS you are using:
Creating a CSR in Microsoft IIS 7
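As an added example (not part of the original Jet Hub article), the same request can be generated from an elevated PowerShell prompt on the IIS server with the built-in certreq.exe tool. The host name, organization details and file paths are placeholders; the Subject fields correspond to the CSR contents listed earlier.

```powershell
# Added example: create a CSR with certreq.exe from an elevated prompt on the IIS server.
# hub.example.com, Example Corp and the file paths are placeholders, not Jet Hub values.
$fqdn    = 'hub.example.com'   # Common Name: must match the URL users type
$workDir = Join-Path $env:TEMP 'jethub-csr'
$infPath = Join-Path $workDir 'request.inf'
$csrPath = Join-Path $workDir 'request.csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Request definition. The key pair is created in the machine store and marked
# non-exportable, so the private key stays on this server; only the CSR is sent out.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn, OU=Information Technology, O=Example Corp, L=Mountain View, S=California, C=US"
KeyLength = 2048
HashAlgorithm = SHA256
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

; Server Authentication usage
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

; Subject Alternative Name carrying the same host name as the Common Name
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Start from a clean output file, then build the PKCS#10 request.
Remove-Item -Path $csrPath -ErrorAction SilentlyContinue
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Review the request before submitting it: subject, key length and DNS name.
certutil.exe -dump $csrPath | Select-String -Pattern 'CN=', 'Public Key Length', 'DNS Name'
```

The issued certificate has to be installed on this same server, because the matching private key exists only in its machine store.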
Submitting your CSR
Contact your Certificate Authority of choice (if you are not using the utility provided by a CA, visiting their web site is your best option).
The site will have an area where you can submit your CSR.
Follow the instructions provided by the CA.
This may involve uploading your CSR file or opening the file in Notepad, copying the contents, and pasting those contents in the area provided.
Installing your Certificate
Once you receive your certificate, you are ready to install it and bind Jet Hub to it:
Installing and Binding an SSL Certificate in IIS 7