Custom TLS/SSL Certificate

Hint

  • TLS (the successor of SSL) is the only secure protocol that is used, but in combination with certificates the term SSL is still used very often.

  • Basic knowledge about TLS-certificates is required, this document expects a certain level of familiarity with TLS and X.509 certificates.

  • The IACBOX does only support PEM certificates, DER certificates have to be converted.

  • The key file must not be password protected.

  • Intermediate certificates have to be appended to the CA file.

  • System administrators are in charge to backup the key-files and store them securely.

Using a custom certificate

Navigate to Network / Settings and click on the tab Custom certificates. Select New certificate … and choose all three needed files (in PEM format) and click one of the Upload buttons. If the certificate matches the uploaded CA and is valid this is shown after the upload.

../_images/custom_ssl_certificate_en_2.png

This new certificate/domain can be selected for the Office-LAN or Surf-LAN. Click on the corresponding tab and select it under Host- and Domainname.

../_images/custom_ssl_certificate_en_1.png

Wildcard

If you have a wildcard certificate an additional text field for the subdomain is shown in front of the certificate selection.

../_images/custom_ssl_certificate_en_3.png

Finally click on Save. You have to reboot the system now to see the new domain and it’s certificate.

CSR Generator

With the CSR Generator you can generate your own Certificate Signing Request on the IACBOX. Make sure that you save all the generated data. After generating the CSR request it has to be signed by a CA (certificate authority).

You will then receive your new certificate which you can upload as shown above.