Javascript must be enabled to download our products and perform other essential functions on the website.

This help page is for version 4.2. The latest available help is for version 9.4.

Custom SSL Certificate

PA File Sight can use your own SSL certificate instead of the default self-signed certificate.

If at any time there are any problems with certificates, you can always delete the C:\Program Files\PA File Sight\CA folder and restart the service -- a new self-signed certificate will be created.

Use your own existing certificate

  1. You will need to get your certificate into PEM format if it isn't already (there are a number of utilities that can do this that you can find on the Internet. Try searching for something like 'convert {your cert type} to PEM')
  2. Save the certificate's private key file as CLIENT_PRIVATE.pem to C:\Program Files\PA File Sight\CA
  3. Save the SSL certificate to C:\Program Files\PA File Sight\CA\SIGNED_CLIENT_CERT.pem
  4. PA File Sight 4.2 Ultra will need to know the password for the private key. You can specify this by running the following command in C:\Program Files\PA File Sight:

    diag.exe /SETCONFIG=SSLCertPKPW:{password}

    This will encrypt and store the password with a machine-specific key in the registry. To erase the password, run:

    diag.exe /SETCONFIG=SSLCertPKPW:
  5. Restart the PA File Sight service and it will now be using your SSL certificate.

Create your own new certificate

  1. Go to the C:\Program Files\PA File Sight\CA folder
  2. Create a folder inside CA named NewCert.
  3. Copy Client.cnf from CA into NewCert
  4. Open NewCert\Client.cnf in a text editor. Go to the PACA_dn section near the bottom and edit the values as you like (C=Country, ST=State/Province, L=City). Change the CN value to the hostname of your server. Some SSL certificate providers expect to see a dot in the name, so the public name of your server would best (something like monitor.mydomain.com). Note that depending on the SSL provider that you use, the subjectAltName field might be ignored which is where additional machine names are mentioned.
  5. Open a command prompt and change directory to C:\Program Files\PA File Sight\CA\NewCert
  6. Run ..\..\openssl.exe req -newkey rsa:2048 -keyout "C:\Program Files\PA File Sight\CA\NewCert\CLIENT_PRIVATE.pem" -keyform PEM -out "C:\Program Files\PA File Sight\CA\NewCert\CLIENT_CERT.pem" -outform PEM -rand openssl.exe -config client.cnf
  7. This will create two new files:
    CLIENT_CERT.pem -- this is the Certificate Request file that you will send/copy to the SSL certificate vendor (like Verisign, GlobalSign, etc)
    CLIENT_PRIVATE.pem -- this is the private key file for this certificate. This file will need to remain on the server, but should be kept private.
  8. To see what you are sending to the SSL provider, run:
    ..\..\openssl req -in "C:\Program Files\PA File Sight\CA\NewCert\CLIENT_CERT.pem" -noout -text
  9. After sending CLIENT_CERT.pem to an SSL provider, you will get back a certificate file. Save the file (in PEM format) to:
    C:\Program Files\PA File Sight\CA\SIGNED_CLIENT_CERT.pem
  10. When the above file is copied, also copy C:\Program Files\PA File Sight\CA\NewCert\CLIENT_PRIVATE.pem into the CA folder
  11. You can optionally delete the NewCert folder at this point.
  12. Restart the PA File Sight service and it will now be using your SSL certificate.
 

PA File Sight

Help Map