Upgrading an existing certificate to a viewLinc-signed certificate - viewLinc 5.2

SSL/TLS certificates viewLinc 5.2
Document code
DOC254683EN
Revision
A
ft:locale
en-US
Product
viewLinc 5.2
Document type
Technical note
The following file types are supported for certificate files:
  • CRT
  • CSR
  • DER
  • PEM
  • PFX (pkcs7, pkcs12)
All files must be in Base-64 encoded X.509 format.

The keyfiles cannot have passwords.

As an alternative to adding the CA certificate locally, the certificate can also be issued by your local IT department using its domain controller. Once the certificate is issued by the IT department, the CA used to generate it is automatically available for all users in the domain.

If you have been using a certificate used with an older version of viewLinc (4.3.6 and earlier), or have an expired viewLinc-signed certificate, use the SignCSR.exe tool to generate a valid viewLinc-signed certificate.
  1. Back up the original file and configuration keys folder. This will allow you to revert back to the previous certificate if there are issues with the new ones.
  2. Copy the signing software, SignCSR.exe, and save the file to the C:\Users\Public\Documents\Vaisala\Vaisala viewLinc\config\keys folder.
  3. In the .\config\keys folder, drag the request file, viewLinc-yy-mm-dd.csr, and drop it onto SignCSR.exe.

    If your system does not allow you to drag and drop, use the CMD prompt (as admin) to move the request file onto SignCSR.exe.

    Ensure that the request file name is exactly the same as the existing file. The following files are created in the …\config\keys folder:
    • viewLinc-yy-mm-dd.csr
    • viewLinc-yy-mm-dd.crt
    • viewLinc-yy-mm-dd.key
  4. Open the Start menu, type services.msc, and press Enter to open Windows Services Manager. Restart the viewLinc Web Server service. Users who are currently logged in to viewLinc will need to log out and then log in again to establish a new, secure browser session.
  5. (Optional. This step is not possible in all deployments, and in some cases, installing a self-signed certificate in a trusted certificate store is not recommended.)

    Install the viewLinc-signed certificate on all client PCs:

    1. On each client PC, copy the viewLinc-signed certificate file (for example, viewLinc-CA.crt) to any desktop location.
    2. Right-click on the file and either:
      • Select Install Certificate or
      • Select Open and then select the Install Certificate button in the Certificate screen.
    3. In the Certificate Import Wizard Welcome screen, select Local Machine.
    4. On the Certificate Store screen select Place all, click Browse, and then select Trusted Root Certification Authorities. If you receive an unknown publisher warning, click OK.
    5. Click Finish, and then click Yes.
    6. Copy the certificate to all domain machines.
    Users who are currently logged in to viewLinc will need to log out and then log in again to establish a new, secure browser session.

    The generation and installation of a viewLinc-signed certificate is complete.