Certificates are required to configure Remote Agent to use secured HTTPS protocol to communicate with the Databridge server.
Obtain and prepare the certificates prior to installing the Remote Agent. Request certificates from the 3rd party Certification Authority (CA) of your choice and select Apache Web Server if you are asked for the type of web server used for the certificates.
HxGN EAM Remote Agent Apache/mod_ssl requires server certificate, intermediate CA and private key in PEM format. Signed certificates usually have extensions such as .pem, .crt, .cer, and .key. In Remote Agent ssl configuration, .crt is the accepted extension used for server certificate (for example, server_pem.crt) and CA certificate (for example,. CA_pem.crt). No other encoding and file extension is allowed. Usually CA_pem.crt contains intermediate CA or root CA or both. It is important to establish a complete "Chain of Trust" certificate for two-way Client authentications between the Remote Agent and Databridge server.
Intermediate certificate is used by all major Certification Authorities (CA) because of the extra high level of security they provide when issuing digital certificates. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. An intermediate certificate resides between an end entity certificate and a root certificate. They help complete a "Chain of Trust" from your certificate back to the root CA certificate. You must complete an additional step in the installation process when using an intermediate certificate to enable your site certificate to be chained to the trusted root, and not show errors during SSL handshake. If you don't install the intermediate certificates with your issued SSL certificate, the trusted-chain certificate might not be established. After your SSL certificate is issued, you will receive an email from your SSL certificate vendor with a link to download your signed certificate and intermediate certificates. If you do not receive the email, ask your SSL certificate vendor to issue an intermediate certificate or to provide the location from which you can download the intermediate certificate from their official website.
When you receive the certificate files from the SSL vendor, rename and assemble them into InforEAM_PKI. zip file which will be used during the installation of the remote agent:
-
Rename your signed server certificate (in PEM format) received from your SSL vendor to server_pem.crt file.
-
Rename the private key file that you used to generate CSR to server_pem.key file.
-
Copy the root CA and intermediate as a single bundle in PEM format into CA_pem.crt file.
-
In your temporary working folder, create server subfolder, then move server_pem.crt file and server_pem.key file into server sub-folder.
-
Create CA sub-folder, then move CA_pem.crt file into CA sub-folder.
-
Zip up CA and server sub-folders with their contents into InforEAM_PKI.zip file.