Cryptographic certificates are the digital equivalent of website validation, which enables you to encrypt connections using TLS protocol and thus provide a secure link between server and client.
There are both paid and free certification centers. Let’s Encrypt is one of the free centers, which provides certificates for 90 days with an automatic renewal option.
For TrueConf Server users TLS certificate is required to join web meetings via WebRTC application and sync TrueConf Server with Active Directory.
Table of Contents
Step 1: Getting started
First, you should stop all TrueConf Server services and all processes that can use 80 and 443 ports, such as Apache Http Server.
To create a TLS certificate on Windows, download the ACME Simple (WACS) program. Then follow the instruction:
- Extract the downloaded archive to the
C:\wacs\folder. - Create a crt directory in the same folder.
- In Windows Defender Firewall, go to Advanced Settings → Inbound Rules → New Rule → Port; enter 80 and 443 ports separated by comma in the Specific local ports field and click Next. Then select Allow the connection, click Next again, specify which profiles the rule will apply to (for all by default) and after clicking Next, save the rule under any name.
Step 2: Creating a certificate
Open the command line (cmd) as administrator and run the following program:
|
1 |
C:\wacs\wacs.exe |
Next, run the following commands sequentially by entering the letters and digits corresponding to the menu options that you want to select. For example, to run the command Create certificate (full options), you will need to type m and press Enter. (for version 2.2).
- Start creating the certificate by manually specifying the parameters. To do it, select:
- Create certificate (full options)
- Manual input.
- Specify your domain name and press Enter twice to confirm.
- If necessary, you can create separate certificates for subdomains and hosts. In our case, we will select Single Certificate:
- Then select the following options sequentially:
- [http] Serve verification files from memory
- RSA key
- PEM encoded files (Apache, nginx, etc.).
- Specify a folder for saving certificates
C:\wacs\crt. - You will be offered to create the password for the private key. Select None.
- Next, select:
No (additional) store stepsNo (additional) installation steps.
- Answer additional questions as follows:
- type
nofor the question Open in default application? - type
yesfor the question Do you agree with terms?.
- type
- Specify an email address for error notifications.
When you successfully create the certificate, you will see the Authorization result: valid message. Answer no to the question Do you want to specify the user the task will run as? question.
If a certificate has already been generated for the specified domain name, there will be the corresponding notification in the Existing renewal line. The certificate expiry date will be provided as well. You can create the certificate again by entering yes in response to the question Overwrite settings?.
Three files will be generated in the C:\wacs\crt folder:
- domain_name-crt.pem is the certificate itself
- domain_name-key.key is the key file
- domain_name-chain.pem is the trust chain, it includes Let’s Encrypt root and intermediate certificates.
Now you can use them in TrueConf Server, as shown in our article.
