Differences

This shows you the differences between two versions of the page.

Link to this comparison view

zebradocs:install:win:cert [2018/11/05 12:20] (current)
Line 1: Line 1:
 +{{indexmenu_n>​110}}
  
 +# Generate Private CA Root Certificate
 +
 +For security reasons we strongly recommend that you generate your own CA root certificate for ZebraTester and import this root certificate into the OS and/or into Firefox.
 +
 +##
 +
 +If you install ZebraTester the first time on a Windows system it's strongly recommended that you create your own CA Root Certificate. Proceed as follows:
 +
 +* Download and install **OpenSSL** for Windows from [http://​slproweb.com/​products/​Win32OpenSSL.html](http://​slproweb.com/​products/​win32openssl.html)
 +
 +We recommend that you select "​**Win32 OpenSSL v1.0.1c**"​ (or a newer version). During installation **ignore any warnings** of OpenSSL. OpenSSL is needed only to generate the CA Root Certificate. You may also share the CA Root Certificate (root.cer) and its private key (privkey.der) with other members of your team.
 +
 +* Edit the file CreateOwnCARootCertificate.bat which is located in the ZebraTester installation directory (typically at c:​\users\<​your-name>​\zebratester).
 +
 +Modify the value for **OPENSSL_INSTALL_DIR** to point to your OpenSSL installation directory:
 +
 +![image](./​image_006.png)
 +
 +* Execute **CreateOwnCARootCertificate.bat –** as far as possible with Administrator rights:
 +
 +![image](./​image_007.png)
 +
 +* Enter any obvious input for your private CA Root Certificate:​
 +
 +```
 +This utility creates your own CA Root Certificate.
 +
 +You have to edit this script and set OPENSSL_INSTALL_DIR to point to your OpenSSL installation directory. Press any key to continue . . .
 +
 +Loading '​screen'​ into random state – done Generating a 2048 bit RSA private key
 +
 +.....................................+++
 +
 +....................+++
 +
 +writing new private key to '​privkey.pem'​
 +
 +-----
 +
 +You are about to be asked to enter information that will be incorporated into your certificate request.
 +
 +What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank
 +
 +For some fields there will be a default value, If you enter '​.',​ the field will be left blank.
 +
 +-----
 +
 +Organization Name (company) [My Company]:My Company
 +
 +Organizational Unit Name (department,​ division) []: Load Testing Team
 +
 +Email Address []: direct@d-fischer.com
 +
 +Locality Name (city, district) [My Town]:​Langenthal
 +
 +State or Province Name (full name) [State or Providence]:​Bern Country Name (2 letter code) [US]:CH
 +
 +Common Name (hostname, ip, or ca name) []:​ZebraTester Root Certificate (karl smith) Deleting old Web server certificates ...
 +
 +Could Not Find C:​\Users\mutong\ZebraTester\*.crt Could Not Find C:​\Users\mutong\ZebraTester\*.privkey Volume in drive C is OS
 +
 +Volume Serial Number is 6417-67CC Directory of C:​\Users\mutong\ZebraTester
 +
 +11.07.2015 01:04 1'217 privkey.der
 +
 +1 File(s) 1'217 bytes
 +
 +0 Dir(s) 376'​909'​885'​440 bytes free Volume in drive C is OS
 +
 +Volume Serial Number is 6417-67CC Directory of C:​\Users\mutong\ZebraTester
 +
 +11.07.2015 01:04 1'814 root.cer
 +
 +1 File(s) 1'814 bytes
 +
 +0 Dir(s) 376'​909'​885'​440 bytes free
 +
 +---
 +
 +Your CA Root Certificate is now created and can be imported into Windows and into Firefox. Restart ZebraTester to take effect.
 +
 +Press any key to continue . . .
 +```
 +
 +
 +* Restart the ZebraTester Console and verify your CA Root Certificate using the Web Admin GUI:
 +
 +![image](./​image_008.png)
 +
 +* Import the CA Root Certificate into **Windows**. Choose as certificate store **Trusted Root Certificate Authorities**:​
 +
 +![image](./​image_009.png)
 +
 +![image](./​image_010.png) ![image](./​image_011.png) ![image](./​image_012.png)
 +
 +![image](./​image_013.jpg)
 +
 +![image](./​image_014.png)
 +
 +![image](./​image_015.png)-
 +
 +Your CA Root Certificate is **listed with the name** as you have entered into the input field "​Common Name (hostname, ip, or ca name)"​.
 +
 +* Import your CA Root Certificate into **Firefox**. Enable the checkbox **Trust this CA to identify websites**:
 +
 +![image](./​image_016.png)
 +
 +![image](./​image_017.png) ![image](./​image_018.png)
 +
 +
 +
 +<- ./start ^ ../start ^ ./tune ->