Upgrading an existing certificate to a viewLinc-signed certificate - viewLinc 5.1

SSL/TLS certificates viewLinc 5.1

Document code
DOC246881EN
Revision
B
Language
English
Product
viewLinc 5.1
Document type
Technical note
The following file types are supported for certificate files:
  • CRT
  • CSR
  • PEM
All files must be in PEM format.

The keyfiles cannot have passwords or any other type of security. Generic and wildcard certificates cannot be used.

As an alternative to adding the CA certificate locally, the certificate can also be issued by your local IT department using its domain controller. Once the certificate is issued by the IT department, the CA used to generate it is automatically available for all users in the domain.
For viewLinc 5.1 SU3 or before, delete viewLinc-CA.crt before running SignCSR.exe. A new viewLinc-CA.crt file will be generated and used to sign the server certificate.
If you have been using a certificate used with an older version of viewLinc (4.3.6 and earlier), or have an expired viewLinc-signed certificate, use the SignCSR.exe tool to generate a valid viewLinc-signed certificate.
  1. Back up the original file and configuration keys folder. This will allow you to revert back to the previous certificate if there are issues with the new ones.
  2. Copy the signing software, SignCSR.exe, and save the file to the C:\Users\Public\Documents\Vaisala\Vaisala viewLinc\config\keys folder.
  3. In the .\config\keys folder, drag the request file, viewLinc-yy-mm-dd.csr, and drop it onto SignCSR.exe.

    If your system does not allow you to drag and drop, use the CMD prompt (as admin) to move the request file onto SignCSR.exe.

    Ensure that the request file name is exactly the same as the existing file. The following files are created in the …\config\keys folder:
    • viewLinc-yy-mm-dd.csr
    • viewLinc-yy-mm-dd.crt
  4. Open the Start menu, type services.msc, and press Enter to open Windows Services Manager. Restart the viewLinc Web Server service. Users who are currently logged in to viewLinc will need to log out and then log in again to establish a new, secure browser session.
  5. (Optional. This step is not possible in all deployments, and in some cases, installing a self-signed certificate in a trusted certificate store is not recommended.)

    Install the viewLinc-signed certificate on all client PCs:

    1. On each client PC, copy the viewLinc-signed certificate file (for example, viewLinc-CA.crt) to any desktop location.
    2. Right-click on the file and either:
      • Select Install Certificate, or
      • Select Open and then select the Install Certificate button in the Certificate screen.
    3. In the Certificate Import Wizard Welcome screen, select Local Machine.
    4. On the Certificate Store screen select Place all, click Browse, and then select Trusted Root Certification Authorities. If you receive an unknown publisher warning, click OK.
    5. Click Finish, and then click Yes.
    6. Copy the certificate to all domain machines.
    Users who are currently logged in to viewLinc will need to log out and then log in again to establish a new, secure browser session.

    The generation and installation of a viewLinc-signed certificate is complete.