Generate Certificate¶
This option allows you to generate a certificate signing request (CSR) and temporary certificate. You will send the CSR to the Certificate Authority (CA) of your choice. Once you receive a signed version from the CA, you will update the certificate in NETLAB+. Use this option if you do not have a signed certificate and private key for your organization, or you do not want to use Let’s Encrypt.
Navigate to > Settings > Network Settings
Click Configure SSL
Click Add Certificate
Select the option to Generate a Certificate Signing Request
Click Next
Create Certificate Signing Request¶
Fill in the fields on the form with the information appropriate for your site.
- Entry Name:
The name used to manage this certificate. The hostname is recommended. Letters must be lowercase. No spaces are permitted.
Example: netlab.myschool.edu
- Server Name:
The fully qualified domain name (FQDN) of your server. This name must match exactly what you type in your web browser, or you will receive a name mismatch error. Wildcard certificates cannot be generated by NETLAB+.
Example: netlab.example.edu
- Organization:
The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.
Example: Digitech College of Southern California
- Organizational Unit:
The division of your organization handling the certificate.
Example: Computer Science Department
- City:
The city where your organization is located.
Example: Los Angeles
- State/Region:
The state or region where your organization is located. This should not be abbreviated.
Example: California
- Country:
The country where your organization is located.
Example: United States
- Email Address:
An email address used to contact your organization.
Example: support@example.edu
- Private Key Length (bits):
The length of the private key to generate in bits.
2048 is recommended and now required by most certificate authorities. 4096-bit certificates are currently not supported for performance reasons.
- Signature Algorithm:
The algorithm used to sign the request.
SHA-256 is now used by most certificate authorities. SHA-1 is an older algorithm and is no longer recommended.
Click Submit
NETLAB+ has generated a new private key, certificate signing request, and self-signed certificate.
Download Certificate Signing Request¶
Click Download Certificate Signing Request
The certificate signing request (a file of encrypted text named Entry Name.csr) will be downloaded to your local machine. Submit this file to the Certificate Authority (CA) of your choice. Typically, a small annual fee is charged by the CA for this service. After you receive a signed version of your certificate from the CA, you will use it to replace the unsigned version.
Replace Self-Signed Certificate¶
Navigate to > Network Settings
Click Configure SSL
You will be replacing the self-signed certificate that you created. The default certificate is indicated to be the active certificate. This is necessary since you cannot replace an active certificate. If the default is not currently the active certificate, select it and the option to activate it on the Action dropdown.
Select the self-signed certificate you created.
Click Replace button to replace the certificate.
Paste the signed certificate you received (.pem or .crt format) from
the CA into the New Certificate text box, including the header and footer
lines, and click Submit.
Note
The certificate must be in PEM format. The PEM certificate format uses the following header and footer lines, which should be included:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Return to the certificate page.
Verify that your certificate now indicates it is signed (as shown below).
Click Activate.
You will be prompted to confirm that you want to activate the certificate.
Select Proceed.
A message will indicate that the certificate has been activated and that the webserver will restart shortly to clear its SSL cache.
Click OK
Verify that the signed certificate is now active (see the Status in the picture below). If the signed certificate is not active, it may be necessary to log off the system, close your browser window, and then re-enter the system.
Verify that your browser address now indicates HTTPS. It may be necessary to log off the system, close your browser window, and then re-enter the system.
