The process of getting a certificate involves creating a request file, sending the request to a Certificate Authority, receiving a certificate file in return, and then importing the certificate file.
Creating the Request
To create the request file:
-
Click Global Settings, then click SSL Certificate.
-
Click Create Certificate Request.
-
Fill in the basic information:
-
Fully Qualified Domain Name: For the Portfolio server system (such as
portfolio.example.com
) -
Organization Name: The name of your organization. This may be displayed on the server, but does not need to be a legal entity (“ExampleCorp” is OK, you don’t need to use “Example Corporation LLC”).
-
Organizational Unit: The name of the group within your organization responsible for the Portfolio server. This could be the same as the Organization Name.
-
City or Locality
-
State or Province
-
Two-letter Country Code
-
Subject Alternative Names: List here any additional hosts that you want to be covered by the same certificate. If you have multiple servers (Portfolio or any other web server), you can add their names here. You can also add different ways to address one server (IP address, DNS name, or LDAP Distinguished Name [dn] or Common Name [cn]). Separate individual entries with commas.
-
-
Click Create. This will generate a
.CSR
file; when prompted to download the file, click OK.You can download the file at any time; click Download in the Certificate Status panel.
Obtaining your Certificate
Send the .CSR file to your Certificate Authority and request a PKCS12 bundle in .pfx or .p12 format for Tomcat or Apache.
Importing your Certificate
The Certificate Authority will return a certificate file to you that you can import into Portfolio.
To import the certificate file:
-
Click Global Settings, then click SSL Certificate.
-
Click Import Certificate.
-
Click Select and select your certificate file, then click Import.
When the import is complete, the Certificate Status page will update to show the new certificate.
Replacing an existing certificate
To replace a certificate, generate a new request and import the new certificate as you did in these instructions.
You will need to do this when your existing certificate expires.