Documentation
Documentation
Start typing to search…

Installing an HTTPS certificate

These instructions apply to get the certificate from https://letsencrypt.org and installing it. The same instructions might partially apply to other providers too. The commands must be executed when the View server is running with HTTP-serving already enabled in port 80. If you have any directory access limitations, you have to lift them for the directory /srv/miaroot/.well-known/acme-challenge/ before you proceed. This can be done by creating the directory and placing a web.config with the following contents to the directory:

<configuration>
   <system.webServer>
      <directoryBrowse enabled="false" />
      <staticContent>
         <remove fileExtension="" />
         <mimeMap fileExtension="" mimeType="text/plain" />
      </staticContent>
      <security>
         <ipSecurity allowUnlisted="true">
            <clear/>
         </ipSecurity>
         <authentication>
            <clear/>
            <anonymousAuthentication enabled="true" />
         </authentication>
      </security>
   </system.webServer>
</configuration>

After that, you can proceed with the actual commands. On second step when packaging to .p12 you need to give secret "vtrincert".

certbot certonly -d mydomain.com -a webroot --webroot-path /srv/miaroot --text
openssl pkcs12 -export -in /etc/letsencrypt/live/mydomain.com/cert.pem -inkey /etc/letsencrypt/live/mydomain.com/privkey.pem -out vtrincert.p12

Then if using mono, you can add it to mono certificate store:

certmgr -add -c -pem -p <password_from_the_previous_openssl_command> -m My vtrincert.p12

Finally, set the certificate in the /srv/miaroot/view/web.config to the correct value in mono store,

<add key="CertificateName" value="mydomain.com" />

If using dotnet core, you have to refer to the certificate as file in Netserver configuration:

<add key="CertificateName" value="/usr/share/cpmplus/netcore/vtrincert.p12" />

Installing self-signed HTTPS certificate

If you use a lab certificate, you can create it in the same way as with Windows and then export both private key and certificate to p12 format. Make sure the friendlyname in certificate and Vtrin server config match. vtrincert is the default friendlyname. Then use the same step as with letsencrypt certificate:

certmgr -add -c -pem -p <password used for private key in export> -m My vtrincert.p12

You can also specify the .p12 (same as pfx) file name in the Vtrin-NetServer config.

Updated 5 months ago