SSL for On-Premises

SSL for On-Premises includes the following:

Generate a Certificate Signing Request for SSL

Note: The CA Agile Central On-Premises Web server requires the (standard) X.509 digital certificate format. Our system uses OpenSSL 1.1.0 and supports TLS 1.2. Weak ciphers from TLS 1.2 and previous protocols (TLS 1.1, TLS 1.0, SSL 3, and SSL 2) have been disabled to improve security.

CA Agile Central On-Premises solution is shipped with a default, self-signed SSL certificate. Customers can generate their own certificate, purchase a certificate from a third party vendor, or use the CA Agile Central certificate that is installed by default.

The following commands outline how to generate a SSL certificate from a third party vendor:

Note: These steps are based on the assumption that the openssl command is available on the system used to create the private keys. You do not need to be on the CA Agile Central machine to do this, but the steps below were created using a Linux machine. The steps may differ on a Windows machine with OpenSSL.

  1. Generate a private key:
    openssl genrsa -des3 -out www.mydomain.com.key 1024
  2. Generate a Certificate Signing Request (this certificate will be used to generate our ssl certificate on the third party's site):
    openssl req -new -key www.mydomain.com.key –out www.mydomain.com.csr
  3. Remove the passphrase from the key:
    cp www.mydomain.com.key www.mydomain.com.key.org
    openssl rsa -in www.mydomain.com.key.org -out  www.mydomain.com.key
  4. Submit your request to your third party vendor.
    The SSL certificate that is obtained should be a single root or unchained certificate. This file will used in combination with the key generated in Step 1 to upload to our On-Premises image.
  5. Verify the format of your certificate by opening the crt file using a text editor. This file should have the same format as the one below:
    -----BEGIN CERTIFICATE-----
    MIIDdTCCAt6gAwIBAgIJAMCxA1Rf4qmoMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCQ08xEDAOBgNVBAcTB0JvdWxkZXIxGjAYBgNVBAoT
    EVJhbGx5IERldmVsb3BtZW50MRQwEgYDVQsxMC4zMi4xJNSuhdoNi44NDEkMCIGCSqG
    SIb3DQEJARYVaGF6ZXZlZG9AcmFsbHlkZXYuY29tMB4XDTE0MDQxMTAwNTUxNFoX
    DTE0MDUxMTAwNTUxNFowgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEQMA4G
    A1UEBxMHQm91bGRlcjEaMBgGA1UEChMRUmFsbHkgRGV2ZWxvcG1lbnQxFDASBgNV
    BAMTCzEwLjMyLjE2Ljg0MSKSBdlnQYJKoZIhvcNAQkBFhVoYXpldmVkb0ByYWxseWRl
    di5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMOOLNLGv4d/9oHTrN/a
    R49Lw5vYKpjZiGu/MoavjRiaCxgAQqha4xaMIDuMoIWzsbu7fNIdysMlmReyhTw5
    2Fa5FHx3ZIJLBUtOSWjWbm6IvVdDPTv2Zu9lhq9zFzWgMm59nlG2ALDmJXcbjDVc
    S2geX1P6zEH3HvmwYV/bC+7tAgMBAAGjgewwgekwHQYDVR0OBBYEFFBVI+GcTu1U
    56+9Ekq4ybUK76GBMIG5BgNVHSMEgbEwga6AFFBVI+GcTu1U56+9Ekq4ybUK76GB
    oYGKpIGHMIGEMQswSOHOVQQGEwJVUzELMAkGA1UECBMCQ08xEDAOBgNVBAcTB0Jv
    dWxkZXIxGjAYBgNVBAoTEVJhbGx5IERldmVsb3BtZW50MRQwEgYDVQQDEwsxMC4z
    Mi4xNi44NDEkMCIGCSqGSIb3DQEJARYVaGF6ZXZlZG9AcmFsbHlkZXYuY29tggkA
    wLEDVF/iqagwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC7rq/Ts/bW
    YwTGV/fZ+I029iztg7KNP6dP3jA4DJwVSgnyvbqpGWqEqmLNqRpNOA6FLlmWC8eo
    mqKH6QLVALgUreAGu5NKyIWDAFDT8Z2jj/8fEz7CxX9fqeZNhrLqfKrAJev2ZS0Q
    lE1MK2Apss6uzxe9/Oiug48MMZTMwtx7Kw== -----END CERTIFICATE-----
  6. Use the crt file the vendor sends you in combination with the key file you generated to upload to your On-Premises Image.

Install an SSL Certificate

  1. Generate or purchase your certificate (this should be a single root or unchained certificate) and copy your certificate (.cert) and key (.key) files to the CA Agile Central server.
  2. Copy them to a convenient place where you may easily access them for installation.
    Important: Do not create a password for your key file. If you create a password for your key file, the Apache web server prompt you for the password, and you will be unable to supply it through the console interface.
  3. From the Control Panel, select the Feature menu, then Server Settings.
  4. Select the SSL Certificate tab .
  5. Select Choose File next to the SSL Certificate indicator to locate your SSL certificate (.cert) file.
  6. Select Choose File next to the SSL Key indicator to locate your SSL key (.key) file.
  7. If your SSL Certificate is a chained certificate, select the Chain Certificate File checkbox.  
  8. Select Choose File next to the SSL Certificate Bundle indicator to locate your SSL Certificate Bundle file.
  9. Select Upload to upload and install your certificate and key files.
  10. Restart the server.

Feedback

Need more help? The CA Agile Central Community is your one-stop shop for self-service and support. To submit feedback or cases to CA Agile Central Support, find answers, and collaborate with others, please join us in the CA Agile Central Community.