Difference between revisions of "Certificates"
IVSWikiBlue (talk | contribs) |
IVSWikiBlue (talk | contribs) |
||
| Line 8: | Line 8: | ||
<h1>How Do Server Certificates Work?</h1> | <h1>How Do Server Certificates Work?</h1> | ||
| + | |||
| + | {{hr - 2}} | ||
<h2>1. Certificate Issuance</h2> | <h2>1. Certificate Issuance</h2> | ||
| − | *A | + | *A '''Certificate Signing Request (CSR)''' file and a '''private key''' file can be generated on your server. |
| + | {{Aside - Helpful | content = If you need <b>help getting a CSR</b>, contact the [https://ivs.help IVS Support Team].}} | ||
*The CSR file will be sent to a '''Certificate Authority (CA)'''. | *The CSR file will be sent to a '''Certificate Authority (CA)'''. | ||
*The CA verifies the server's identity and issues a '''server certificate'''. | *The CA verifies the server's identity and issues a '''server certificate'''. | ||
| + | |||
| + | {{hr - 2}} | ||
<h2>2. Installation on the VALT Server</h2> | <h2>2. Installation on the VALT Server</h2> | ||
| − | * | + | *Once you have the cert, it can be installed, along with the private key, and the CA's root/intermediate certificates. |
| + | {{Aside - Warning | hue = 50 | content = The VALT cert needs to be be applied to multiple services. If it is applied to only the web application, fully functionality will NOT be restored.}} | ||
| + | {{Aside - Helpful | content = If you are looking to <b>install your certs</b>, please contact the [https://ivs.help IVS Support Team].}} | ||
| + | |||
| + | {{hr - 2}} | ||
<h2>3. Client Requests a Secure Connection</h2> | <h2>3. Client Requests a Secure Connection</h2> | ||
*When a client (browser) tries to connect to the server, it will present its certificate. | *When a client (browser) tries to connect to the server, it will present its certificate. | ||
| + | |||
| + | {{hr - 2}} | ||
<h2>4. Certificate Validation</h2> | <h2>4. Certificate Validation</h2> | ||
| Line 24: | Line 35: | ||
*If valid, the server and client establish an encrypted connection using TLS. | *If valid, the server and client establish an encrypted connection using TLS. | ||
*If not valid, the browser will show an error message. | *If not valid, the browser will show an error message. | ||
| + | |||
| + | {{hr - 2}} | ||
<h2>5. Secure Data Transmission</h2> | <h2>5. Secure Data Transmission</h2> | ||
*Once validated, encrypted data is exchanged securely. | *Once validated, encrypted data is exchanged securely. | ||
| − | |||
{{hr}} | {{hr}} | ||
<h1>What is Expected of Me?</h1> | <h1>What is Expected of Me?</h1> | ||
<ol> | <ol> | ||
| − | <li>An IVS Support Engineer will either create a CSR file and key file that can be provided to you to generate a certificate (or you can provide us with a wildcard certificate and key file)</li> | + | <li>An IVS Support Engineer will either create a CSR file and key file that can be provided to you to generate a certificate (or you can provide us with a wildcard certificate and key file).</li> |
<li>Once you have the certificate in hand, you will work with one of our Support Engineers to install the certificate alongside the private key and the CA's root/intermediate certificates.</li> | <li>Once you have the certificate in hand, you will work with one of our Support Engineers to install the certificate alongside the private key and the CA's root/intermediate certificates.</li> | ||
| − | <li>The Support Engineer will ensure proper system functionality after the certificate is installed</li> | + | <li>The Support Engineer will ensure proper system functionality after the certificate is installed.</li> |
</ol> | </ol> | ||
| + | {{Aside - Helpful | content = Looking to contact the [https://ivs.help IVS Support Team]?}} | ||
{{hr}} | {{hr}} | ||
Revision as of 19:30, 3 March 2025
Contents
Certificates
⚠IVS is not responsible for maintaining the renewal of certificates that may be installed on your system. We are happy to work with you to provide you with a CSR file or to install the renewed certificate on your VALT system when it is needed. We recommend that all customers setup a reminder to renew the certificate at least a week prior to certificate expiration.
A certificate is a digital file that is used to establish a secure connection between a client and a server (e.g., VALT). It is a key part of SSL/TLS encryption, ensuring that data transmitted between the two parties is encrypted and that the server is authentic.
How Do Server Certificates Work?
1. Certificate Issuance
- A Certificate Signing Request (CSR) file and a private key file can be generated on your server.
🕮If you need help getting a CSR, contact the IVS Support Team.
- The CSR file will be sent to a Certificate Authority (CA).
- The CA verifies the server's identity and issues a server certificate.
2. Installation on the VALT Server
- Once you have the cert, it can be installed, along with the private key, and the CA's root/intermediate certificates.
⚠The VALT cert needs to be be applied to multiple services. If it is applied to only the web application, fully functionality will NOT be restored.
🕮If you are looking to install your certs, please contact the IVS Support Team.
3. Client Requests a Secure Connection
- When a client (browser) tries to connect to the server, it will present its certificate.
4. Certificate Validation
- The client checks if the certificate is valid (not expired, issued by a trusted CA, and matches the domain).
- If valid, the server and client establish an encrypted connection using TLS.
- If not valid, the browser will show an error message.
5. Secure Data Transmission
- Once validated, encrypted data is exchanged securely.
What is Expected of Me?
- An IVS Support Engineer will either create a CSR file and key file that can be provided to you to generate a certificate (or you can provide us with a wildcard certificate and key file).
- Once you have the certificate in hand, you will work with one of our Support Engineers to install the certificate alongside the private key and the CA's root/intermediate certificates.
- The Support Engineer will ensure proper system functionality after the certificate is installed.
🕮Looking to contact the IVS Support Team?
Supported Certificates Types with VALT
- Single Certificate with Subject Alternative Names (SANs)
- Wildcard Certificate
⚠Certificates can be provided in PEM or PFX (or PKCS12) format.
