Security Certificate Management Tips - viewLinc 5.1

Vaisala viewLinc Enterprise Server version 5.1 User Guide
Document code
M212315EN
Revision
C
Language
English
Product
viewLinc 5.1
Content type
Product description
Product description > Features
Reference information
Document type
User guide

Why am I receiving a certificate error? Will it go away?

viewLinc requires certificate and security key files to establish a secure connection between network PCs and the viewLinc Enterprise Server. The files encrypt data and authenticate the viewLinc Web Server. If your system uses an automatically generated (viewLinc-signed) security certificate, users may see this error each time they log in, but it does not prevent user from logging in. To prevent the warning from appearing, set each user's browser to trust the certificate (for example, open Chrome and go to Settings > Advanced > Privacy and Security > Manage Certificates). Alternatively, purchase a trusted certificate from a Certificate Authority (CA). Updating the viewLinc-signed certificate with a trusted certificate automatically prevents certificate errors from appearing.

How do I install a certificate on local PCs?

  1. On each client PC, copy the certificate file (viewLinc-CA.crt) to any desktop location, then right-click on the file to select Install Certificate.
    For systems with many users, it may be more efficient to automate the installation of security certificates on client PCs. Contact your local IT group to determine whether distribution of certificates via Group Policy is an option.
  2. In the Certificate Import Wizard Welcome screen, select Local Machine.
  3. On the Certificate Store screen select Place all, click Browse, and then select Trusted Root Certification Authorities. If you receive an unknown publisher warning, click OK.
  4. Click Finish, then Yes.
    Users who are currently logged in to viewLinc must log out and then log in again to establish a secure browser session.

My security certificate has expired. Will viewLinc still run? How do I renew it?

If your certificate expires, you will start to receive a certificate warning in your browser, but viewLinc will continue to run. Use the certificate signing utility included on the viewLinc USB drive (SignCSR.exe) to generate a new viewLinc-signed certificate.

How do I purchase a trusted certificate?

Trusted certificates can be purchased from a Certificate Authority (CA). You will use a viewLinc-generated certificate request file (.csr) to purchase the trusted certificate.

  1. If you generated viewLinc-signed certificate files during initial installation, go to step 5.
  2. If you did not generate viewLinc-signed certificate files during initial installation, copy the certificate request software, CreateCSR.exe from the viewLinc installation USB drive to C:\Users\Public\Documents\Vaisala\Vaisala\viewLinc\config\keys folder.
  3. Drag your existing key file, viewLinc-yy-mm-dd.key, and drop it onto CreateCSR.exe.
  4. Answer the questions. This process generates a certificate request file (.csr).
  5. In your ….\config\keys folder locate the generated certificate request file (viewLinc-yyyy-mm-dd.csr). The date in the filename reflects the date it was created.
  6. Complete the purchasing steps required by your selected certificate signing authority.
  7. When you receive the trusted certificate:
    • If the trusted certificate is received as a file, save the file as viewLinc-yyyy-mm-dd.crt.
    • If the trusted certificate is received as text, copy all the lines between --------BEGIN CERTIFICATE--------- and --------END CERTIFICATE--------, and save as viewLinc-yyyy-mm-dd.crt.
  8. Replace the existing viewLinc-yyyy-mm-dd.crt file with the new trusted file in the viewLinc config\keys folder.
  9. Open Windows Services Manager.
  10. Restart the viewLinc Web Server service.

    Users who are currently logged in to viewLinc must log out and then log in again to establish a secure browser session.

Why am I unable to connect to viewLinc using my purchased certificate?

The properties of the purchased certificate may be incompatible with viewLinc. Review the information in Purchased Certificate Requirements. Alternatively, consider using a viewLinc-signed certificate.

How do I update my security certificate and key files?

viewLinc stores certificate and key files in the viewLinc installation directory. You can update the files at any time:

  1. Copy new files to the viewLinc Enterprise Server data directory (<data folder>\config\keys\).
  2. If the filenames are different from the original filenames, update the viewLinc.cfg file (<data folder>\config\viewLinc.cfg):
    [web]
privatekeyfile = <newname>.key
certificatefile = <newname>.crt
  3. Restart viewLinc Web Server (see Restarting viewLinc Enterprise Server).