KB-127299: Certificate

Certificate

HTTPS communication uses its own octoplantcertificate: server.pm. Some browsers recognise this certificate as not trusted and display a warning. You have the following options to continue with the opening:

  • Such warnings can simply be ignored in most cases (Refer to link at the end of the page) If you decided to do this, ensure that the warning will always be bypassed every time.
  • The certificate can be deemed to be trustworthy. This is of particular advantage for test purposes. This step is to be done for every device manually. This is therefore different for every device. Please keep in mind the security risks that this act can entail.
  • The octoplant certificate can be replaced by your own certificate. This is the costliest and securest option.

Note

The octoplantcertificate can be found in the installation folder of the server underthe path …Resourcescert.

  • Requirements for own certificates
  • A certificate signing request (CSR) will be required. You can obtain the necessary information from the respective certification authority. Thereupon you will receive the certificate.

Note

We ourselves neither issue nor countersign such certification.

  • Certificates have to be provided in PEM format. To check whether a certificate is available in this format, open the file in a text editor (for example, Notepad) The file needs to contain the following rows:
  • —–BEGIN CERTIFICATE—–
  • [A few signs]
  • —–END CERTIFICATE—–
  • —–BEGIN RSA PRIVATE KEY—–
  • [ Many signs]
  • —–END RSA PRIVATE KEY—-

Note

  • The number of hyphens has a meaning. This is therefore not allowed to be changed.

Note

The certificate in PEM format can also consist of two files, a file with BEGIN CERTIFICATE and END CERTIFICATE and two files with  BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY.

  • In the case that the BEGIN CERTIFICATE as well as BEGIN RSA PRIVATE KEY rows are present in the document, it consists of a combination of certificate and key in a file. The respective values of the INI file have to be refered to in this file. Refer to Example configuration in making changes in the file Config.ini
  • Making changes in the file Config.ini
  • To use another certificate, you need to modify the Config.inifile. Your Config.ini file needs to include the path to the certificate, the private key and the corresponding dh2236.pem-file. (In the case of filedh2236.pem, it concerns a Diffie-Hellmann Parameter,which is used in cryptography.)

Note

You can find the Config.ini file in your server archive under the path …VD$AWebServer. – Example configuration:

  • [httpd ]
  • ssl_certificate=d:vdServerArchiveVD$AWebServerMyCertmyCert.pe m
  • ssl_private_key=d:vdServerArchiveVD$AWebServerMyCertmyCert.pe m
  • ssl_tmp_dh=d:vdServerArchiveVD$AWebServerMyCertdh2236.pe m

Note

After replacing the certificate, the web server needs to be deactivated then reactivated.

ResourcesImages_sharedFAQ.png

The web server is set up with the octoplant certificate. Why can’t the MobileApp be used on my iOS-smartphone?

The octoplant certificate is a self-signed, and therefore from Apple’s point of view an untrusted certificate. To use it, the certificate must be added to the iOS device.

The easiest way to do this would be:

  1. Export the certificate as a CER file (Base64 encoded X.509 certificate).
    1. Access the website with a web browser.
    2. Click on the lock symbol in the browser address line.
    3. A dialog will then open. Here, click on the entry certificate.
    4. The dialog Certificate will then open. Click on Copy into file.
  2. Send the file with the certificate to the apple device.
  3. Open the certificate on the smartphone using the Safari browser.
  4. Install the certificate.
  5. To activate the certificate, go to General > Info > Certificate settings > Full trust for root certificates.

For more information, please contact Apple support.


Last update: September 15, 2023

Related Articles

IMPRINT | PRIVACY POLICY | COOKIE POLICY

Privacy Preference Center