Using Internally Generated Certificates
If you are using certificates from an internal (non-well-known) Certification Authority (CA), you will need to place all appropriate CA certificates, starting with the Root CA, along with any issuing subordinate CA certificates, in the
/opt/codelogic/root_certs directory. It is not necessary to rename these certificates.
All certificates need to be in PEM format and the private key for the issued server certificate needs to be in a separate key file (
For additional information on generating certificates see the links below.
Windows - https://aventistech.com/2019/08/09/generate-csr-from-windows-server-with-san-subject-alternative-name/
Linux - https://www.golinuxcloud.com/openssl-subject-alternative-name/
Below are an example commands to convert DER and PKCS12 format to PEM and Key files as needed by CodeLogic.
All of the following commands assume sudo or sudo su.
Will result in two files, a PEM formatted certificate file and KEY file, provided the DER encoded certificate includes a private key:
openssl x509 -inform der -in <DER_certname>.cer -out <PEM_certname>.crt
Use the above command to convert any DER format certificated, such as a DER encoded private root CA issued from a Microsoft AD-integrated internal CA, or server certificated issued in DER format.
The server certificate must be named codelogic.crt and the keyfile should correspondingly be named codelogic.key. The issuing CA and related chain certificates do not require specific naming.
If using an exported PKCS12 (PFX) server certificate package, run the following commands to export a DER encoded certificate and requisite private KEY file.
openssl pkcs12 -in <name_of_source_cert>.pfx -clcerts -nokeys -out codelogic.crt openssl pkcs12 -in <name_of_source_cert>.pfx -out codelogic.key -nodes -nocerts
Copy the certificate and key files to
Once the certificates are placed in the appropriate locations, restart the CodeLogic Server.
systemctl restart codelogic