|
Note:
The main Troubleshooting section of this document (5. Above) is valid for SSL settings as well. Make sure you read it as well.
The section below only deals with SSL specific issues:
Preparing SSL Certificate files (including converting them to the .pem file format if needed).
This issue is relevant only when you configure Commit Web Interface to use SSL.
Commit requires that your certificate files all have the .pem format.
If your certificates are in another format, convert them to the .pem format by following these instructions:
Note1: This procedure assumes that you have already received your key and certificate pair from a Certificate Authority (like Verisign or Thawte) and that you have installed them in Microsoft Internet Explorer under the Personal Certificates tab.
Note2: To install the certificates in Internet Explorer, follow these instructions:
Open Internet Options… window: Internet Explorer > Tools > Internet Options…
Navigate to the: Content tab
Click on the "Certificates" button
The Certificates Window dialog box will open.
Navigate to the Personal tab, select the Import option and follow the wizard to install your certificate.
2. Export Certificate
The first step is to export your certificate to a .pfx file format.
Open Internet Options… window: Internet Explorer > Tools > Internet Options…
Navigate to the Content tab.
Click on the Certificates.
The Certificates Window dialog box will open.
Navigate to the Personal tab, select your installed certificate and select Export.
Follow the wizard and select to export it as a .pfx file (Personal Exchange Format).
You may optionally protect it with a password.
3. Convert the exported .pfx file to a .pem format
To convert the .pfx file to a .pem file, you need to use a utility called openssl.exe.
The utility can be downloaded from Commit's web site at the following URL:
http://www.CommitCRM.com/downloads/openssl.exe
After downloading this file and saving it to your disk, open a command window and navigate to the folder where the utility is stored. Run the following command:
openssl.exe pkcs12 –in <your file>.pfx –out <your file>.pem
Where <your file> is the name of the file created during the export phase.
Openssl.exe will prompt you for a password. Enter it if you used one during the export phase, or leave it blank if you did not specify one.
It will also prompt you for a new password for the .pem file. This is optional, but if you protect it with a password be sure to enter the SSLPassword token in the CommitWebInterface.ini file as explained above.
4. Splitting the .pem file
Now it is time to split the newly created .pem file into the different files required by Commit Web Interface.
If you examine the new .pem file with Notepad, you will notice that it consists of two parts:
* the private key
* the certificate (public key) part
Using Notepad, create a file called Key.pem
Into this file, paste everything between AND including these two statements:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Using Notepad create a file named: Cert.pem
Into this file, paste everything between AND including these two statements:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The final stage is to obtain the Root.pem file.
This is the Certificate Authority certificate file. You can obtain this from
Internet Explorer > Tools > Internet Options…
Navigate to the Content tab and click on Certificates.
In Trusted Root Certificate Authority tab, select the Authority that issued your certificate and the Export it in Base64 (cer) format.
The exported file format is the SAME as the .pem format, so after exporting it simply rename the file Root.pem and save it with the other certificate file in folder
<Installation_DIR>\Commit\WebInterface
|