How to generate a self-signed certificate
If you need an HTTPS address against a different hostname, but lack your own certificates, Dashboard Server can automatically create self-signed certificates for you. For more information about SSL/TLS and HTTPS see How to configure TLS/SSL (HTTPS)
The certificates generated are for staging and pre-production use only. The certificate expiry dates are fixed to be 1 year in the future and no further.
You will need to connect to your SquaredUp server (How to connect to your SquaredUp server).
On the SquaredUp server open a command prompt as an administrator (from Start > Run type
command prompt
, right-click on the Command Prompt icon and click Run as administrator).Go to your Dashboard Server folder with the
cd
command.Where to find the Dashboard Server folderName of the Dashboard Server folder
The name of the Dashboard Server folder is
SquaredUpv
followed by theproduct version number
.Location of the Dashboard Server folder
If you deployed Dashboard Server via the Azure or AWS Marketplace :The default location for the Dashboard Server folder is
F:\
.SquaredUpv[Version Number]
For example, for Dashboard Server Community Edition v5 the default location isF:\SquaredUpv5
.If you installed Dashboard Server using the installer:
The default location for the Dashboard Server folder is
C:\inetpub\wwwroot\SquaredUpv[Version Number]
, but a custom location may have been chosen during the installation.
For example, for Dashboard Server v5 the default folder location isC:\inetpub\wwwroot\SquaredUpv5
Run the command
squaredup5 https --hostname <HOSTNAME>
Where
<HOSTNAME>
is replaced with a hostname.For example
squaredup5 https --hostname myserver.staging.company.com
This tool only accepts hostnames. Specifying an IP address will produce incorrect results
After a few seconds a certificate will be generated and installed, with the web server bindings updated to match:
Your server will now be available with an HTTPS:// binding at the hostname specified.
Security statement
The self-signed certificates generated by this tool use a dedicated, unique certificate authority which is added to the trusted root.
The private key for this authority is generated dynamically at runtime (it is not fixed): Dashboard Server does not ever hold or see the private key used. In addition, the private key is ephemeral: it is immediately discarded after the certificate is installed and cannot ever be used again.
This root authority cannot be used to generate any further certificates, and it cannot be used for arbitrary certificate abuse due to its fixed key usage (Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing
)