Reporter 9.x uses a self-signed SSL certificate. This causes client Web browsers to flag the certificate as untrusted and display a warning message to users.
To avoid this message, Reporter must be configured to use an SSL certificate that is signed by a trusted certification authority.
This article assumes that the environment used is a Windows-based domain, with an available certification authority (either root, or an intermediate), and that IIS is installed on a member server of this domain.
Important: This process generates and installs a new SSL certificate for IIS. If you do not want to use this new certificate in IIS, back up your existing certificate and private key before attempting these steps.
The first phase is to request an SSL certificate from the certification authority by using the IIS management console:
The next phase is to export the SSL certificate and private key and convert them into a format that is usable by Reporter:
The exported PFX file now must be converted into a format that is readable by Reporter. OpenSSL is included with Reporter and can be used to perform these steps.
# Export the private key file from the pfx file openssl pkcs12 -in filename.pfx -nocerts -out key.pem # Export the certificate file from the pfx file openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem # This removes the passphrase from the private key openssl rsa -in key.pem -out server.key
The final step is to configure Reporter to use the exported and converted SSL certficate and private key.
Reporter now uses the Windows CA generated certificate.
Clients that are a member of the Windows domain will trust this certificate and will not pop up warning messages.
LINKS TO OTHER RELEVANT ARTICLES:
Creating a Certificate Signing Request (CSR) for Reporter 9.x: 000008805