Adding an SSL Certificate to a D3

To enable HTTPS communication between a browser and a D3, you need to add an SSL Certificate to a D3 system

See our step by step process on how to add an SSL Certificate below.

Route to add a certificate: SETTINGS => NETWORKING => Upload SSL Certificate

Upload an SSL certificate to a monitoring system

Step 1 – Create a sub-domain on your SSL certificate

A sub-domain for the D3 will need to be created on the SSL certificate, issued by the certificate generating body.
A copy of the updated certificate needs to be downloaded from the issuer. The certificate file types can be “.pem, .crt, .cer, or .key” file format

In our instance we added “d3.tek-troniks.com” to our certificate at our issuing body, Go Daddy.
We downloaded our certificate from the Go Daddy web site in the “.crt” format.

For SSL to work both the certificate and a private key are required see steps 2 & 3 below.

Step 2 – Certificate

Open the file to ensure it contains the certificate (the certificate can be opened using a text file editor like MS Word or Notepad).
The certificate will be contained within the file between the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- statements.

Copy & paste the certificate including the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- in to the Certificate box on the D3 SSL certificate window.

Step 3 – Private Key

IMPORTANT– the private key MUST be in an RSA format.

The private key will normally be generated on your own servers or via a third party software programme, contact your IT department for a copy of your private key in an RSA format

Our private key was generated on our server, it included the certificate and the private key in a “.pfx” (MII 7) file format.
We converted the “.pfx” file to a “.pem” file using Open SSL;

  • file name was tek-cert.pfx
  • with Open SSL, IN – tek-cert.pfx OUT – tek-cert.pem
We then converted the “.pem” file to the RSA format;
  • with Open SSL, IN – tek-cert.pem OUT – tek-cert-rsa.pem

Open the file to ensure it contains the RSA key (the .pem file can be opened using a text file editor like MS Word or Notepad).
The key will be contained within the file between the —- BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—- statements.

Copy & paste the key including the —- BEGIN BEGIN RSA PRIVATE KEY—- and —-END RSA PRIVATE KEY—- in to the SSL key box on the D3 SSL certificate window.

Step 4 – Authorise & Submit

To authorise the SSL Certificate enter your user password used to access the D3.

Press submit and after pressing submit the page should respond with ‘success’, if the SSL certificate has been successfully applied.

Switch the D3 off, wait a few second then switch it back on. This reboots the system and when you login via the network interface again it will now be in HTTPS mode.

Step 5 – Stop HTTP Connectivity

Redirecting port 80 is needed to stop HTTP non-secure connectivity once an SSL certificate has been added.

Route to redirecting port 80; SETTINGS => SITE SETTINGS => SYSTEM SET-UP => Redirect Port 80 SSL

Select the On toggle to redirect port 80, HTTP connectivity over port 80 will no longer be accessible.

Posted in