SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a server, it activates the padlock and the HTTPS protocol and allows secure connections from a server to a browser.
Typically, SSL is used to secure credit card transactions, data transfer, and logins, and more recently is becoming the norm when securing browsing of social media sites.
Wisenet Wave Server utilizes a self-signed SSL certificate located in the certificate directory as a file called default.pem. It will be generated and renewed automatically when the Server restarts.
To improve Wave Server security, you can obtain a public/signed certificate from your preferred certificate provider and install it in the certificate directory as a file called cert.pem. A valid certificate should be issued by the Certificate Authority (CA) and contain the full certificate chain info, otherwise you will have to generate the Intermediate CA chain info yourself.
Obtaining a Custom Certificate
- Create a new file via a text editor and save it as cert.pem
- Open each certificate file you received from the CA in a text editor and extract the content:
a. Root CA (for example: ca_bundle.crt)
b. Server Certificate (for example: certificate.crt)
c. Intermediate CA (if not provided by your certificate provider, visit https://whatsmychaincert.com/ and enter the content from Server Certificate file to generate the content for the Intermediate CA)
d. Private Key (for example: private.key) - Add the content to cert.pem in the following format:
-----BEGIN PRIVATE KEY-----
... Private key content ...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... Server certificate content ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... Intermediate CA content ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... Root CA content ...
-----END CERTIFICATE----- - Save changes to cert.pem
Installing a Custom Certificate
Once you created the cert.pem file from the certificate files provided to you by your CA, take the following steps:
- Stop the Wave Server service.
- Navigate to the directory for the Wave Server SSL certificate.
Windows
C:\Windows\System32\config\systemprofile\AppData\Local<%COMPANY.NAME%><%COMPANY.NAME%> Media Server\ssl
Ubuntu
/opt/<%INSTALLER.NAME%>/mediaserver/var/ssl
- Move the cert.pem that you created to this location.
- Start Wave Server.