Adding an SSL Certificate to a D3
To enable HTTPS communication between a browser and a D3, you need to add an SSL Certificate to a D3 system
See our step by step process on how to add an SSL Certificate below.
Route to add a certificate: SETTINGS => NETWORKING => Upload SSL Certificate
Step 1 – Create a sub-domain on your SSL certificate
A sub-domain for the D3 will need to be created on the SSL certificate, issued by the certificate generating body.
A copy of the updated certificate needs to be downloaded from the issuer. The certificate file types can be “.pem, .crt, .cer, or .key” file format
In our instance we added “d3.tek-troniks.com” to our certificate at our issuing body, Go Daddy.
We downloaded our certificate from the Go Daddy web site in the “.crt” format.
For SSL to work both the certificate and a private key are required see steps 2 & 3 below.
Step 2 – Certificate
Open the file to ensure it contains the certificate (the certificate can be opened using a text file editor like MS Word or Notepad).
The certificate will be contained within the file between the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- statements.
Copy & paste the certificate including the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- in to the Certificate box on the D3 SSL certificate window.
Step 3 – Private Key
IMPORTANT– the private key MUST be in an RSA format.
The private key will normally be generated on your own servers or via a third party software programme, contact your IT department for a copy of your private key in an RSA format
Our private key was generated on our server, it included the certificate and the private key in a “.pfx” (MII 7) file format.
We converted the “.pfx” file to a “.pem” file using Open SSL;
- file name was tek-cert.pfx
- with Open SSL, IN – tek-cert.pfx OUT – tek-cert.pem
- with Open SSL, IN – tek-cert.pem OUT – tek-cert-rsa.pem
Open the file to ensure it contains the RSA key (the .pem file can be opened using a text file editor like MS Word or Notepad).
The key will be contained within the file between the —- BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—- statements.
Copy & paste the key including the —- BEGIN BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—- in to the SSL key box on the D3 SSL certificate window.
Step 4 – Authorise & Submit
To authorise the SSL Certificate enter your user password used to access the D3.
Press submit and after pressing submit the page should respond with ‘success’, if the SSL certificate has been successfully applied.
Switch the D3 off, wait a few second then switch it back on. This reboots the system and when you login via the network interface again it will now be in HTTPS mode.
Step 5 – Stop HTTP Connectivity
Redirecting port 80 is needed to stop HTTP non-secure connectivity once an SSL certificate has been added.
Route to redirecting port 80; SETTINGS => SITE SETTINGS => SYSTEM SET-UP => Redirect Port 80 SSL
Select the On toggle to redirect port 80, HTTP connectivity over port 80 will no longer be accessible.