Creating a Client Certificate for Syslog configuration

The server configurations require clients to support a client-signed certificate by the approved CA certificate. This CA certificate has been added to the appropriate folder in the server to support only allowing authorized clients to send messages. Use this certificate in the Client Alias field for Syslog configurations.
Prerequisites: You have the required authority to create and manage certificates. You are either running Workbench on your PC or laptop.
  1. To open the certificate stores, do one of the following in the Nav tree:
    • Expand Platform and double-click Certificate Management.
    • Expand Station > Config > Services > PlatformServices and double-click CertManagerService.
    Both steps open the same stores. Which to use depends on how you are connected to the platform/station.
    Image
  2. Click the New button at the bottom of the view.
    The Generate Self Signed Certificate window opens.
    Image
  3. Fill in the form and click OK.
    • Use Alias to identify this as a client certificate.
    • The Common Name(CN) becomes the Subject, In the HTML5 view, you can edit the CN, OU (Organizational Unit), O (Organization), L (Locality), ST (State/Province), and C (Country Code) using the edit mode next to the Distinguished Name (DN).
       NOTE: For a client certificate, the Common Name is often the name of the entity making the connection, such as a username. 
    • Organization should be the name of the company.
    • Although Locality and State/Province are not required and are arbitrary, leaving them blank generates a warning message.
    • The two-character Country Code is required and must be a known value, such as: US, IN, CA, FR, DE, ES, etc. (refer to the ISO CODE column at countrycode.org).
    • For Certificate Usage, select Client.
  4. Create a CA certificate or use an existing CA. Refer to “Creating a root CA certificate”.
  5. Click Cert Request to create a certificate signing request.
  6. Navigate to Tools > Certificate Signer Tool.
    The Certificate Signing window opens.
    Image
  7. Select the certificate signing request and enter the password set while creating the CA certificate.
  8. Sign the client certificate with the CA certificate in Workbench.
    Image
  9. Import the signed certificate back into Workbench, replacing the self-signed certificate.
  10. Export the CA certificate and key as a PEM separately from Workbench.
This CA certificate and key can be added to the CA certificate folder in the Syslog server and be used to sign the server certificate while configuring the mutual authentication.

Related Links

  • Certificate set up (Parent Topic)