Online Help

• ControlAP SSL Certificate Configuration:

The Java "keytool" utility (found in the java/bin folder or jre/bin folder) is used to configure SSL use with ContorlAP. By default ControlAP creates a self-signed certificate using the name you set for the hotspot (name is set in ControlAP Admin or Settings) amd creates a keystore filename named ".keystore" (note the "." in the name). ControlAP uses this file to setup the SSL web server connections for the ControlAP Admin and in the case of ControAP Pro, the Hotspot login and Hotspot Admin connections
.
1. From command line run the following replacing mydomain.net with your domain as well as replacing the city, state and 2 letter country code:

   keytool -genkey -alias controlap -keypass changeit -storepass changeit -keyalg RSA -keystore .keystore
   What is your first and last name?
     [Unknown]:  mydomain.net
   What is the name of your organizational unit?
     [Unknown]:  mydomain.net
   What is the name of your organization?
     [Unknown]:  mydomain.net
   What is the name of your City or Locality?
     [Unknown]:  New York
   What is the name of your State or Province?
     [Unknown]:  NY
   What is the two-letter country code forthis unit?
     [Unknown]:  US
   Is CN=mydomain.net, OU=mydomain.net, O=mydomain.net, L=New York, ST=NY, C=US correct?
     [no]:  y

Note: to be consistent with Java's SSL, keep the password to the store as shown, "changeit" despite the name dont' . You would need to be physically able to access the file to compromise it.


2. From the command line create the Certificate Signing Request:
   
      keytool -certreq -alias controlap -keyalg RSA -file csr.txt -keystore .keystore
      Enter keystore password:  changeit
   
   Now submit the resulting Certificate Signing Request to your CA (the contents of the csr.txt file just created).
   
   Warning: do not delete the ".keystore" file you just created - make a backup of this file at this point.
   
   
3. Once you receive your SSL Web Certificate (usually by email):
   
   You must first export the certificate in "der" format as follows:
   a. Copy your web server certificate into a text editor such as notepad and save as yourdomain.cer on a Windows machine with IE 5+.
   b. Copy the root CA certificate (not the web certificate) into a text editor and save as root.cer on a Windows machine with IE 5+.
   c. Double-click the root.cer and select the Details tab, then Copy to File, then select the Base-64 option, give your copied certificate a file name of root_der.cer
   d. Double click the youdomain.cer and select the Details tab, then Copy to File, then select the PKCS#7 (p7b) option, also select the Include all certificates in the certification path, give your copied certificate a file name of yourdomain.p7b
   
   The following certificate installations must be executed in the stated order.
   
   Import the root_der.cer file using:
   
   keytool -import -trustcacerts -alias root -file root_der.cer -keystore .keystore
   Enter keystore password:  changeit
   
   Import the yourdomain.p7b file using:
   
   keytool -import -trustcacerts -alias controlap -file yourdomain.p7b -keystore .keystore
   Enter keystore password:  changeit
   

You are now ready to securely offer SSL authentication.

Note: If you purchase a chained SSL certificate instead of a root certificate, you will need to import an additional certificate into your store between the root certificate and your web certificate. Follow the same directions as the root certificate for the chained certificate (use a different name).


• ControlAP Help:
• ControlAP Standard Help
• ControlAP Plus Help
  


• Frequently Asked Questions: 
  • FAQ