From CommitCRM-Wiki

Introduction

When using SSL with the Commit Web Interface, you need to provide the Web Interface with a predefined SSL Certificate, which the server needs in order to encrypt the Web Interface traffic. Businesses which already have SSL Certificates created for their company by a Certificate Authority, and these businesses do not need to go through the hassle of issuing a new certificate, they can simply import the existing certificate on hand, by using these instructions.

However, if you have never issued an SSL certificate, then this article will walk you through the process of creating your first SSL Data Encryption Certificate.

Contents 1 Introduction 2 How to create your SSL certificate 2.1 Download OpenSSL 2.2 Create OpenSSL Config 2.3 Create CSR Request 2.4 Submit CSR Request to CA 2.5 Convert Certificate to .PEM 2.6 Export Root SSL Certificate 2.7 Import files into CommitCRM 2.8 Restart CommitCRM to Finalize This Process

How to create your SSL certificate

Contributed by: Luke Popejoy
Note that in the instructions, anything in [] should be replaced with your own variables.

To get an SSL Cert on Commit Web Interface:

Download OpenSSL

1) Download openssl.exe from here. Save it in a folder on your desktop.

Create OpenSSL Config

2) Create a custom config file for openssl and save it in the save directory openssl.exe is in. Instructions on doing that displayed in step 4. Maybe there's an easier way but that is the only way I could figure out.

Create CSR Request

3) Open a command prompt and "cd" to the directory openssl is in. Run this command:

openssl req -new -newkey rsa:2048 -nodes -out FQDN.csr -keyout Key.key -subj "/C=[COUNTRY ABREVIATION HERE]/ST=[2 DIGIT STATE 
ABBRIATION HERE]/L=[CITY HERE]/O=[ORGANIZATION NAME HERE]/CN=[FULLY QUALIFIED DOMAIN NAME HERE]" -config "opensslconf.cnf" 

Where opensslconf.cnf is the path to the config file you created in step 2. This will create the csr request to give to your Certificate Authority. Take note of the file that is created called Key.key. You are going to need this.

Submit CSR Request to CA

4) Submit the CSR to your Certificate Authority and then you should get the certificate back. Mine came in a *.crt format. This will have to be converted.

Convert Certificate to .PEM

5) Convert the certificate from a *.crt format to a *.pem format that Commit needs. Run this command:

openssl x509 -in [PATH TO CERT FROM CA].crt -out input.der -outform DER

And this command:

openssl x509 -in input.der -inform DER -out Cert.pem -outform PEM

Export Root SSL Certificate

6) You now have the Key.pem (created in step 3) and the Cert.pem (created in step 5). Last we need the Root.pem. To get that, go to Internet Explorer -> Tools -> Internet Options -> Content -> Certificates -> Trusted Root Certifcation Authorities Tab. Find the CA in the list from whom you purchased your Cert. In my case, it was Godaddy. Click on their name, and Click Export. Export as a Base-64 encoded X.509. Save the file with your other PEM files. Now go rename that file to Root.pem.

Import files into CommitCRM

7) Save Root.pem, Key.pem, Cert.pem in your Commitdir\Webinterface folder. Go to CommmitWebInterface.ini, and change the SSL Port to whatever you want and Set SSL Required to Y.

Restart CommitCRM to Finalize This Process

8) Restart the commit web interface service on your server and you should have SSL. You will need to connect to:

https:\\[fqdn]:[ssl port]

Done!!! All that's left to do is to test the SSL connection by using a web browser. If you have questions after reading this article, please contact CommitSupport.