You can use these procedures to establish trust for test installations and proof-of-concept testing. Important: For production SpanVA deployments, we strongly recommend that you use a well-known CA signed certificate or a certificate signed by your trusted enterprise CA.
1. Create the certificate and key Open a terminal window and use the following OpenSSL command to create a self-signed certificate and key (all on one line):
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt
After you issue this command, OpenSSL prompts you for more information, then creates the certificate and key pair example.crt and example.key.
Note: When OpenSSL prompts you for a common name, enter the SpanVA FQDN (if configured) or IP address.
2. Import the certificate as the trusted root CA
- Locate and double-click the example certificate you created earlier. Your Mac opens the Add Certificates box to prompt whether you want to add the certificate.
- From the Keychain menu, choose System , then click Add .
- If prompted, enter the admin username and password for your computer.
- Locate the new certificate in the list and double-click it. The certificate is listed by the IP address or FQDN you used as the Common Name when creating the certificate with OpenSSL.
- Click the arrow to expand the Trust area. Then, from the Secure Sockets Layer (SSL) menu, choose Always Trust.
- Restart Chrome.
- In Chrome, open Settings > Show Advanced Settings.
- In the HTTPS/SSP area, click Manage Certificates . Chrome opens the window shown below.
- On the Certificates window, click Import and browse to the example.crt certificate.
- Click Install Certificate .
- On the Certificate Import Wizard, choose the certificate store Trusted Root Certification Authorities , then click Next .
- In the Certificates list, locate the new certificate and double-click it. Then make sure that in the Certificate Purposes area, the checkbox for Server Authentication is marked.
- Restart your Chrome browser.
3. Import the certificate into SpanVA
- In the SpanVA web interface, open the Certificates tab, then click Add Server.
- The Add Server Certificate panel opens.
- In the Select Server Certificate area, click Browse and locate the example.crt file you created with OpenSSL.
- In the Select Private Key File, click Browse and locate the example.key file you created with OpenSSL.
- In the Description area, enter a description for the certificate.
- Click Submit. The next time you open SpanVA in your browser, the browser trusts SpanVA, and does not show a security alert.