Root, server, and client certificates can be purchased from an official certification authority (CA). For Cortado Server, you need a purchased server certificate.
Note! The Cortado server can generate server and client certificates for you if you use a root certificate purchased from an official certification authority. This root certificate must first be imported (including the private key) into the certificate store of the Cortado server.
The options described below can be found either in the Configuration Assistant that you used for the initial configuration of Cortado Server or in the Administration Portal under Administration→ Certificates under Server Certificates.
For how to configure the Apple Push certificate, see the article Set up Apple Push Certificate.
The procedure for setting up a client certificate mode is described in the section Establishing client certificates (optional).
Note! Cortado Server offers the option to generate self-signed root and server certificates in the configuration wizard (during initial configuration) and in the administration portal. Neither Google nor Apple has supported self-signed root and server certificates for some time now. It is therefore mandatory to purchase a server certificate from an authorized certificate authority. Optionally, you can also purchase a root certificate from an authorized certification authority and derive a server certificate (and client certificates, if applicable) from it. Deriving the server certificate is possible in the Cortado server administration portal and is described in this article.
Import server certificate
You can upload your purchased server certificate either in the configuration wizard (during basic configuration) or subsequently in the management portal.
- To do this, select Administration→ Certificates→ Server Certificates→ Import Server Certificate (SSL) in the Administration Portal (arrow in illus.).
Note! Your purchased server certificate must first be imported into the certificate store of the Cortado server under Certificates (Local Computer)→ Personal→ Certificates.
Note! If you use a purchased server certificate, you do not need to perform any of the following steps!
Import root certificate
You can import a root certificate purchased from an authorized certificate authority. You must then generate a server certificate derived from it.
- To do this, select Administration→ Certificates→ Server Certificates→ Import Root Certificate in the Administration Portal.
- Then select your certificate and enter the certificate password.
Generate server certificate
You can generate a server certificate with Cortado Server if you use a root certificate purchased from an authorized certification authority.
Cortado Server generates a new server certificate automatically if you:
- select the option Create new self signed server certificate in the Configuration Assistant or
- select the option Generate server certificate (SSL) in the Administration Portal (see image).
Note! The server certificate which is created here (if necessary) contains the server address which you have specified in the Configuration Assistant’s Cortado server address menu (see illus.). This address is also shown in the Administration Portal under Settings→ Connections (see illus.). Make sure that this address is reachable from the devices and that the users use exactly this address for connections to the User Portal as well as to the web app. Otherwise certificate errors can occur in the devices’ Internet browsers.
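A read-only check for the points made in the notes above: the certificate sits under Certificates (Local Computer)→ Personal with its private key, is not self-signed, and carries exactly the Cortado server address. This PowerShell script is an added example, not part of Cortado Server or its documentation; the address cortado.example.com and the function names are assumptions.

```powershell
# Added example: audits certificates in the Local Computer "Personal" store.
# $ServerAddress is a placeholder; use the address shown under Settings -> Connections.
param([string]$ServerAddress = 'cortado.example.com')

function Test-NameMatch {
    param([string]$Pattern, [string]$HostName)
    if ($Pattern -eq $HostName) { return $true }      # -eq compares case-insensitively
    # A wildcard covers exactly one left-most label: *.example.com matches a.example.com only
    if ($Pattern.StartsWith('*.')) {
        $suffix = $Pattern.Substring(1)                # ".example.com"
        $first, $rest = $HostName -split '\.', 2
        return [bool]($first -and $rest -and (".$rest" -eq $suffix))
    }
    return $false
}

function Get-ServerCertFindings {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
          [string]$HostName)
    $findings = @()
    if (-not $Cert.HasPrivateKey) { $findings += 'no private key in store' }
    # Heuristic: identical subject and issuer indicates a self-signed certificate
    if ($Cert.Subject -eq $Cert.Issuer) { $findings += 'self-signed' }
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) { $findings += 'outside validity period' }
    # DnsNameList is added by PowerShell and holds the SAN DNS names plus the subject CN
    $names = @($Cert.DnsNameList | ForEach-Object { $_.Unicode })
    if (-not ($names | Where-Object { Test-NameMatch $_ $HostName })) {
        $findings += "name mismatch (certificate names: $($names -join ', '))"
    }
    # Build the chain against this machine's trust stores; revocation is skipped so the check runs offline
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($Cert)) {
        $findings += 'chain: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
    return ,$findings
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $f = Get-ServerCertFindings -Cert $_ -HostName $ServerAddress
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        NotAfter   = $_.NotAfter
        Result     = if ($f.Count) { $f -join '; ' } else { 'OK' }
    }
} | Format-List
```

The chain is evaluated against the server's own trust stores, so a result of OK here does not guarantee that Apple and Android devices trust the issuing CA.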
Export root certificate
In addition, the purchased root certificate can be exported with or without private key using the option Export Root Certificate.
- To do this, select Administration→ Certificates→ Server Certificates→ Export Root Certificate in the Administration Portal.
Export certificate with private key
Export the root certificate with a private key in .pfx format.
Note! Only export the private key if you want to create a backup. Never distribute a certificate with a private key to the users.
- Enable the checkbox Export private key (arrow in illus.).
- Click on OK to confirm the warning message.
- Protect the certificate with a password.
- Save the certificate in a secure location.
Export certificate without private key
Export the root certificate without a private key in .cer format.
- Click on OK to start downloading the certificate.
- Save the root certificate.
Export server certificate
- Select Export Server Certificate (SSL) to export the server certificate in .pfx format.
- Protect your certificate with a password.
You can now save the server certificate to a secure location.
Generate root certificate
This option is no longer available. Please do not make any settings here. Neither Google nor Apple has supported self-signed root certificates for some time.