Cortado Support

My Tickets Visit www.cortado.com
Welcome
Login

Setting up root and server certificates

Overview

Import server certificate

Import root certificate

Generate server certificate

Export root certificate

Export server certificate

Generate root certificate

Overview

Root, server, and client certificates can be purchased from a official certification authority (CA). For Cortado Server, you need a purchased server certificate.

Note! The Cortado server can generate server and client certificates for you if you use a root or root certificate purchased from a official certification authority. This root certificate must first be imported (including the private key) into the certificate store of the Cortado server.

The options described below can be found either in the Configurations Assistant that you used for the initial configuration of Cortado Server or in the Administration Portal under Administration→ Certificates under Server Certificates.

a screen shot of the certificate wizard.

Cortado Management Console, above right: Create, import or export root cer­tificate, centre right: Create, import or export server certificate

How to configure the Apple Push certificate see the article Set up Apple Push Certificate.

The procedure for setting up a client certificate mode is described in the section Establishing client certificates (optional).

Note! Cortado Server offers the option to generate self-signed root and server certificates in the configuration wizard (during initial configuration) and in the administration portal. Both Google and Apple have not supported self-signed root and server certificates for some time now. It is therefore mandatory to purchase a server certificate from an authorized certificate authority. Optionally, you can also purchase a root certificate from an authorized certification authority and derive a server certificate (and client certificates, if applicable) from it. Deriving the server certificate is possible in the Cortado server administration portal and is described in this article.

Import server certificate

You can upload your purchased server certificate either in the configuration wizard (during basic configuration) or subsequently in the management portal.

  • To do this, select Administration→ Certificates→ Server Certificates→ Import Server Certificate (SSL) in the Administration Portal (arrow in illus.).
Note! Please note that your purchased server certificate must first be imported into the certificate store of the Cortado server under Certificates (Local Computer)→ Per­sonal→ Certificates.

a screenshot of a web page with a certificate.

Note! If you use a purchased server certificate, you do not need to perform any of the following steps!

Import root certificate

You can import a root certificate purchased from an authorized certificate authority. You must then generate a server certificate derived from it.

  • To do this, select Administration→ Certificates→ Server Certificates→ Import Root Certificate in the Administration Portal.
  • Then select your certificate and enter the certificate password.

a screenshot of the root certificate screen.

Generate server certificate

You can generate a server certificate with Cortado Server if you use a root certificate purchased from an authorized certification authority.

Cortado Server generates a new server certificate automatically if you:

  • select the option Create new self signed server certificate in the Configuration Assistant or
  • select the option Generate server certificate (SSL) in the Administration Portal (see image).

Note! The server certificate which is created here (if necessary) contains the server address which you have specified in the Configuration Assistant’s Cortado server address menu (see illus.). This address is also shown in the Administration Portal under Settings→ Connections (see illus.). Make sure that – on the one hand – this address is reachable from the devices and – on the other hand – the users use exactly this address for connections to the User Portal as well as to the web app. Otherwise certificate errors can occur in the device’s Internet browsers.

Connection settings in the Configuration AssistantConnection settings in the Cortado Management Console

Export root certificate

In addition, the purchased root certificate can be exported with or without private key using the options Export Root Certificate.

  • To do this, select Administration→ Certificates→ Server Certificates→ Export Root Certificate in the Administraion Portal.

export root certificate

Export certificate with private key

Export the root certificate with a private key in .pfx format.

Note! Only export the private key if you want to create a backup. Never distribute a certificate with a private key to the users.

  • Enable the checkbox Export private key (arrow in illus.).
  • Click on OK to confirm the warning message.
  • Protect the certificate with a password.

export root certificate with private key

  • Save the certificate in a secure location.

save root certificate with private key

Export certificate without private key

Export the root certificate without a private key in .cer format.

Click on OK to start downloading the certificate.

export root certificate without private key

  • Save the root certificate.

save root certificate without private key

Export server certificate

export server certificate

  • Select Export Server Certificate (SSL), to export the server certificate in .pfx format.
  • Protect your certificate with a password.

provide a password for the server certificate

You can now save the server certificate to a secure location.

Generate root certificate

This option is no longer available. Please do not make any settings here. Both Google and Apple have not supported self-signed root certificates for some time.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.