| Procedure for installing CA-issued certificates |  Search
|
|
NowSMS Support Forums ⬆ NowSMS Support - SMS Issues ⬆ |
◄ ► |
| Author | Message | |||
| Stavros Tseriotis New member Username: Tuccero9 Post Number: 16 Registered: 08-2016 |
Hello, We are using NowSMS SMS/MMS Gateway version 2024.02.16 running on a Windows Server 2016 Standard and we received a finding that we are not using CA-issued certificates for www and smtp services. I searched the documentation available in this site but i did not find any section referencing a procedure for installing certificates. Can you please share some instructions for this procedure? | |||
| Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 8566 Registered: 10-2002 |
The process is a little cumbersome because it requires manually moving text files around The files are in text format containing base64 content, known as PEM format. NowSMS assumes it is operating in a scenario where you are using a commercial Certificate Authority (CA), so the process is a little different if you are using an enterprise CA. When working with a commercial CA, the assumption is that NowSMS needs generate a certificate signing request (CSR), which gets submitted to a CA, and the CA returns a certificate based on the information supplied in the CSR. When you generate a CSR with NowSMS, NowSMS will generate a private key for the server, which gets stored in the NowSMS directory as a file named SSL.KEY. The certificate signing request gets saved as a file named SSL.CSR. A temporary self-signed certificate (which lets you use SSL/TLS with a security warning message from most browsers) gets saved in a file named SSL.CRT. When you receive the certificate from the CA, you must save it in a file named SSL.CA. With an enterprise CA, the CA will typically generate a private key and a certificate. It is preferred that the private key not be encrypted (this can be supported but adds extra steps that require our technical support to be involved). The private key should be saved in a text file named SSL.KEY and the certificate should be saved in 2 text files named SSL.CA and SSL.CRT. Restart the services after making any changes to the private key and/or certificate files. Regards, Bryce Norwood NowSMS Support | |||
| Stavros Tseriotis New member Username: Tuccero9 Post Number: 17 Registered: 08-2016 |
Hello Bryce, When generating a csr request there is no option to add some extended attributes such as SAN (Subject Alternative Name). I added a screenshot of the available fields at the end of this post. I noticed that NowSMS is using openssl for this purpose. Is it possible to use a cli openssl approach for this certificates? That is to create the private key on NowSMS server and generate a csr, then after receiving the certificate from CA place the certificates with the names that you mentioned in your previous post. I suppose that i will place the rootca certificate as SSL.CA and the certificate chain file as SSL.CRT. Is it possible to do it like that? Best Regards, Stavros  | |||
| Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 8569 Registered: 10-2002 |
Hi Stavros, There should be no problem generating a custom CSR with OpenSSL tools, and directly modifying the files. NowSMS remembers the password used for the CSR, so you may want to generate a CSR first in NowSMS, even if you don't use this CSR, so that NowSMS can decode the signed cert. The certificate chain should go into SSL.CA (multiple ---BEGIN/END CERTIFICATE--- blocks is normal). SSL.CRT is not actually used if SSL.CA exists, but we recommend duplicating SSL.CA as SSL.CRT if manually manipulating certificates because some versions of NowSMS look to see whether this file exists to determine whether or not to enable SSL/TLS functionality. regards, Bryce Norwood NowSMS Support | |||
| Stavros Tseriotis New member Username: Tuccero9 Post Number: 18 Registered: 08-2016 |
Hi Bryce, I followed your suggestion and i was able to install the CA certificate without any problem. Thank you. Best Regards, Stavros | |||
