To obtain a signed certificate from a CA, you must use openssl to generate a private key file and a certificate signing request (CSR) file. For testing purposes, you can obtain a free temporary certificate based on an untrusted root from many CAs.

Determine the fully qualified domain name (FQDN) that client computers use to connect to the host.

1

Open a command prompt and use openssl to create a private key file and a CSR file.

For example: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

2

When openssl prompts you for a common name, type the fully qualified domain name (FQDN) that client computers use to connect to the View Transfer Server host.

Important

If you type your name, the certificate will be invalid.

openssl creates the private key file and the CSR file in the current directory.

3

Send the CSR file to the CA in accordance with the CA's enrollment process and request a certificate in PEM format.

After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate.

4

If necessary, convert your certificate to PEM format.

Some CAs provide certificates in a format other than PEM. If you download this type of certificate, you must convert it to PEM format.

For example: openssl x509 -inform der -in certificate.cer -out certificate.pem

Configure the View Transfer Server instance to use the SSL server certificate. See Configure a View Transfer Server Instance to Use a Certificate.