The CSI Web Server manual says that a Private Key File and a Certificate File from a 3rd party Certificate Authority (CA) are required to enable HTTPS, but it doesn't explain how to obtain these things.
Can anyone provide step-by-step instruction for obtaining the Private Key File and Certificate File?
BTW, I have a WordPress website hosted by DreamHost and a CSI Web Server running on an Azure Windows Server 2012 VM. I was able to secure my website without too much trouble. The certificate signing request (CSR) was available on the DreamHost control panel, so I simply copied that CSR and pasted it into a form on the CA's website. The CA then provided the certificate file, which I pasted into the DreamHost control panel. DreamHost generated its own private key, which was listed in the control panel. After doing all those steps and then redirecting HTTP to HTTPS, everything was working fine.
I was hoping I could follow a similar series of steps to secure my CSI Web Server, but apparently it works completely differently. I tried to play around with OpenSSL a little bit, but I got really confused. Any help would be greatly appreciated.
I have successfully used the following website to create the key for HTTPS.
http://www.stellarwebsolutions.com/certificates/stellar_cert_builder.php?reset
After you have both files, go to CSI Web Server Admin and use your saved files on the HTTPS tab. The private key password can be anything you chose. It will be used when you access the site.
I followed the suggestion by @thommark, but I can't connect via HTTPS.
Here are the relevant links:
http://dataloggers.livetozero.com/InterlockHouse
https://dataloggers.livetozero.com/InterlockHouse
Could you tell me what version of CSI web server you are using?
I am using v1.03.23
That sounds like my exact set up. The last (long shot) idea I have is that maybe your HTTPS port is being blocked. Are you using the default 443 port?
Yes, I'm using port 443. I'm pretty sure it is unblock because I get a different browser error when I intentionally block it compared to when I unblock it.
The Status tab of the CSI Web Server administrator should provide some level of error message if it failed to load your private key and certificate files. I would check that first if you haven't already done so.
You can either use a self signed certificate or use a certificate provided by a certificate signing authority. If using a signed certificate, you will need to chain your certificate with one or more root certificates provided by the authority.
The steps for using openssl to generate a self signed certificate using openssl are as follows:
1- Use openssl to generate a private key file:
openssl genrsa -out private.key 1024
2 - Use openssl to generate the self-signed certificate:
openssl req -new -x509 -key private.key -out certificate.crt -days 12000
2.1 - When prompted enter the country code (US in your case) and press enter
2.2 - When prompted enter the state or province (Iowa in your case) and press enter
2.3 - When prompted enter your city and press enter
2.4 - When prompted enter the name of the organisation and press enter
2.5 - When prompted enter the section name (I leave it blank) and press enter
2.6 - When prompted enter the fully qualified domain name of the machine hosting the web server. This value must match the value specified in the "Server Name:" field in the CSI Web Server Administrator Configuration/HTTPS tab.
2.7 - When prompted enter your email address
At this point, you should have a private key and self signed certificate file that can be specified in the CSI Web Server Administrator Configuration/HTTPS tab. Because it is a self-signed certificate, the browser might balk at loading the page. On Chrome, I had to click on the "Advanced" link and then click on another link in order to convince the browser that my web site was legitimate. If you want to avoid this heart ache, you will need a signed certificate.
where can i download csi web server `?
I too have had a problem with the setup for https using CSI Web Server, but have figured out the solution and thought it best to share here ;-)
I'm using CSI Web Server Administrator 1.06 (but my problem applied in odler versions too) on a Windows 2012 Server.
Having obtained private key and certificate file, the status tab showed Protocol HTTPS (Port 443) status: "parse certificate file failed: PK - Read/write of file failed". I had my private key and cert file in my documents folder associated with my own user account on the Windows server. Once I moved the private key and certificate file into the folder C:\CampbellSci\CsiWebServer - everything worked! Seems like a user rights issue. Would probably apply equally on a regular Windows desktop OS. Seems obvious afterwards. This might be worth mentioning in future versions of the product manual.
Hi rainyday, thanks for you valuable sharing. I was facing exactly the same problem as you. After seeing your thoughful sharing, did as what you mentioned and then everthing works perfectly fine. Thanks.
This post is under review.