SSL Certificates content and format

The certificate requested during the installation of Veridium Server is important for three reasons:

  1. It allows Veridium Service to work as a trusted platform in the domain or domains of the customer infrastructure

  2. It allows iOS and Android devices to be used with Veridium Service in on-prem setups

  3. It establishes trusted communication during the installation of the component stack used inside Veridium Service

The Veridium Server installer accepts multiple types of certificates:

  1. wildcard type

    e.g: *.veridium-dev.com
    where * is every subdomain/suffix of a server existing in the domain
    .veridium-dev.com is the domain name

  2. subdomain

  3. multidomain

  4. single domain

We recommend buying a globally valid SSL certificate instead of using a self-signed certificate. Using a self-signed certificate requires manually configuring trust for the root CA that generated the certificate.

When using a certificate issued by an internal Windows CA, a wildcard will cause issues for the OPA service. The workaround is to issue the certificate with the proper SAN for your service (WIP to resolve).

Request your certificate with CSR values that match your organization's information.

Depending on the deployment, Veridium Service works in one of two ways:

  • Port Mapping - a single DNS record needs to be created for accessing the server

    e.g: vid.domain.com (which includes endpoints like vid.domain.com:9987/ssp)

  • SNI Mapping - multiple unique DNS records are required inside the certificate

After acquiring the certificate, make sure you have the files in either PEM format or .p12 format:

  • PEM format:

    • one file will contain the certificate and chain together, with a .pem extension (no empty lines between them)

    • one file will contain the private key, with a .pem extension

  • .P12 format, which contains:

    • Root CA

    • one or more intermediate certs

    • SSL certificate + Private Key

Example:

PEM format

certificate.pem example:

-----BEGIN CERTIFICATE-----
MIIGQTCCBSXXXXXXocqP
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBMFgK
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBnKkKj9
-----END CERTIFICATE-----

privatekey.pem example:

-----BEGIN PRIVATE KEY-----
MIIEvgIYRP
-----END PRIVATE KEY-----

.P12 format

This format is available after it is created from:

  • Root CA

  • one or multiple intermediate certs

  • SSL certificate & Private Key

Examples:

ROOT.crt
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqYbg==
-----END CERTIFICATE-----

IntermediateCACertificate.crt
-----BEGIN CERTIFICATE-----
MIIGGTCCBAGgAYYaA7jBU=
-----END CERTIFICATE-----

SSLWILDCARD.crt
-----BEGIN CERTIFICATE-----
MIIGpDCCBYygAiXJKYiog
-----END CERTIFICATE-----

PrivateKey.key
-----BEGIN PRIVATE KEY-----
MIIEvgIBADN+gfdgfxbYRP
-----END PRIVATE KEY-----

A password is required once the .p12 is created.

After obtaining the certificate, make sure you remove the empty lines from your certificate file.

[Images: "Not OK" example and "OK" example]
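A pre-flight check for the certificate file described above, as an added example that is not part of Veridium's documentation or tooling: it flags empty lines, stray whitespace, text outside PEM blocks, and a private key placed in the certificate-plus-chain file. The function names and the sample inputs are assumptions made for illustration; the sample blocks are constructed placeholders, not real certificates.

```python
import base64
import re
PEM_MARK = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def lint_cert_bundle(text):
    """Return (certificate_count, problems) for a certificate-plus-chain PEM file."""
    problems, certs = [], 0
    label, body = None, []  # label of the open block and its base64 lines
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            problems.append(f"line {n}: empty line")
            continue
        if line != raw:
            problems.append(f"line {n}: leading or trailing whitespace")
        mark = PEM_MARK.fullmatch(line)
        if mark and mark.group(1) == "BEGIN":
            label, body = mark.group(2), []
            if "PRIVATE KEY" in label:  # the key belongs in its own file
                problems.append(f"line {n}: private key in the certificate file")
        elif mark:  # END marker
            if mark.group(2) != label:
                problems.append(f"line {n}: END {mark.group(2)} has no matching BEGIN")
            elif label == "CERTIFICATE":
                try:  # body must be base64 of a DER SEQUENCE (first byte 0x30)
                    der = base64.b64decode("".join(body), validate=True)
                    if der[:1] != b"\x30":
                        raise ValueError("not DER")
                    certs += 1
                except ValueError:
                    problems.append(f"line {n}: certificate body is not base64 DER")
            label = None
        elif label:
            body.append(line)
        else:
            problems.append(f"line {n}: text outside a PEM block")
    if label:
        problems.append(f"unterminated {label} block at end of file")
    if certs == 0:
        problems.append("no certificate found")
    return certs, problems

def sample_block(label="CERTIFICATE"):
    # Constructed placeholder (48 bytes starting with 0x30), not a real certificate.
    b64 = base64.b64encode(b"\x30\x82" + bytes(46)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

GOOD = sample_block() * 3  # constructed: leaf certificate plus two chain entries
BAD = sample_block() + "\n" + sample_block() + sample_block("PRIVATE KEY")
```

The check is structural only: it does not verify signatures, chain order, or that the private key matches the certificate.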

We accept encryption up to RSA 4096.

Create certificate for Deployment - CONVERT instead !!

Files received when the certificate is acquired:

  • certificate.crt

  • CertificateBundle (chain of certificates)

  • private.key

Edit certificate.crt and include the files from CertificateBundle.
Transfer to a machine with openssl.

PFX:

  1. openssl pkcs12 -export -out *.veridium-poc.pfx -inkey private.key -in certificate.crt

  2. type password

  3. output file will be *.veridium-poc.pfx (or similar)

PEM:

  1. openssl x509 -inform PEM -in certificate.crt > certificate.pem

  2. openssl rsa -in private.key -text > private.pem
