Loading...
 
General

Exporting an SSL Certificate

Overview

Products that contain a web interface that offers secure HTTPS access typically use a Self-Signed SSL Certificate.   When accessing the web interface, you may get a warning page that informs you that the certificate is not trusted, but allows you to continue to the web interface.

To suppress the browsers warning page, you should export the certificate from the product and add it to your computers local Certificate Store/Key Chain.

There are a couple of ways that you can acquire the certificate, the first and easiest is to use your web browser and the second is to use OpenSSL.

Web Browser

Google Chrome

  • Click on the Padlock icon in the URL address bar.
  • Click on the Certificate(Valid) option in the list.
  • On the Certificate dialog window, go to the Details tab.
  • Click on the Copy to File button.
  • Select the Base-64 encoded X.509 (.CER) format and click the Next button.
  • Specify a file name and location for the Certificate to save a copy.
  • Click Next and then the Finish button.

Microsoft Edge

  • Click on the Padlock icon in the URL address bar.
  • Click on View Certificate
  • On the Certificate Information window, click Export to file.
  • Specify a file name and location for the Certificate to save a copy.
  • Click Save

Microsoft Internet Explorer

  • Click on the Padlock icon in the URL address bar.
  • Click on View Certificate
  • On the Certificate dialog window, go to the Details tab.
  • Click on the Copy to File button.
  • Select the Base-64 encoded X.509 (.CER) format and click the Next button.
  • Specify a file name and location for the Certificate to save a copy.
  • Click Next and then the Finish button.

OpenSSL

Use OpenSSL instead to retrieve the certificate. The example below is using Linux,

$ echo | openssl s_client -servername NAME -connect HOST:PORT |\
sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > certificate.crt

Explanation :

>>connect HOST:PORT :- The host and port to connect to
>>server name NAME :- The TLS SNI (Server Name Indication) extension (website)
>>certificate.crt :- Save SSL certificate to this file

Example:

$ echo | openssl s_client -servername google.com -connect google.com:443|\
sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’ > certificate.crt

Importing the Self-Signed Certificate

On Windows, the following instructions will add the certificate to the local store. This will allow the web browser to trust the certificate on the Product.

  • Open the MMC (Start > Run > MMC).
  • Go to File > Add / Remove Snap In
  • Double Click Certificates
  • Select Computer Account.
  • Click Next.
  • Select Local Computer
  • Cliock Finish
  • Click OK to exit the Snap-In window.
  • Click + next to Certificates > Personal > Certificates
  • Right click on Certificates and select All Tasks > Import
  • Click Next
  • Click Browse
  • Select the .cer, .crt, or .pfx you would like to import. Click Open.
  • Click Next
  • Select Automatically select the certificate store based on the type of certificate.
  • Click Finish & OK
Page last modified on Friday May 1, 2020 12:03:18 GMT-0000