Using an SSL Certificate is one of the requirements for the Riva Insight On-Premise Server.
There are three options to generate an SSL Certificate for Riva Insight On-Premise:
Option 1 – Certificate through a third-party Certificate Authority (CA), for example DigiCert.
- Obtain the certificate from the third-party CA.
- Add the certificate to the Riva Insight On-Premise Server.
- In IIS, select the certificate for the site.
Option 2 – Certificate through Enterprise Certificate Authority (CA) (internal)
- On the Riva Insight On-Premise Server, do a certificate enrolment via MMC.
- Ensure that the certificate has the common name specified.
- Push the CA certificate (not the generated certificate) to all end-user machines, for example via the Domain Group Policy.
Note: Typically, this mechanism is already in place for enterprise organizations.
- Add the certificate to the Riva Insight On-Premise server.
- In IIS, select the certificate for the site.
Option 3 – Self-Signed Certificate (for development and testing purposes)
- On the Riva Insight On-Premise Server, run PowerShell as an administrator.
- Enter this command to generate the certificate:
New-SelfSignedCertificate -DnsName rivainsightapp.customer.com, rivainsightapp, localhost -CertStoreLocation cert:\LocalMachine\My -FriendlyName "{HOST} Web Server" -NotAfter (Get-Date).AddYears(10)
where:
- rivainsightapp.customer.com is to be replaced with the DNS name(s) that will be accessed, and
- rivainsightapp is to be replaced with the host name(s).
Notes:
- If listing multiple host names and DNS names, insert a comma and a space after each name except the last one.
- On Windows Server 2012 and Windows Server 2012 R2, PowerShell may not support the "-FriendlyName" and "-NotAfter" parameters; they can be left out. The disadvantage is that the certificate would have a shorter expiry and the certificate name is not as easily identifiable.
- In IIS, select the certificate for the site.
- Push the generated certificate to the Trusted Root CA store for all end-user machines, for example via the Domain Group Policy.
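The following PowerShell is an added example for Option 3, not part of the original article. It finds the self-signed certificate in the machine store, checks that its DNS name list covers every expected name, and exports only the public certificate for distribution to end-user machines. The host names and the export path are placeholders, and the export folder is assumed to exist.

```powershell
# Added example. Names and export path are placeholders (assumptions); adjust to your environment.
$expectedNames = @('rivainsightapp.customer.com', 'rivainsightapp', 'localhost')
$exportPath    = 'C:\Temp\rivainsight-selfsigned.cer'   # hypothetical path

# Self-signed certificates in the machine store: subject equals issuer, private key present.
$selfSigned = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $_.Issuer -and $_.HasPrivateKey }

# Keep only certificates whose DNS name list covers every expected name.
$matching = foreach ($cert in $selfSigned) {
    $sanNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $missing  = @($expectedNames | Where-Object { $sanNames -notcontains $_ })
    if ($missing.Count -eq 0) { $cert }
}

if (-not $matching) {
    throw "No self-signed certificate in LocalMachine\My covers: $($expectedNames -join ', ')"
}

# If several match, use the one that expires last.
$chosen = $matching | Sort-Object -Property NotAfter -Descending | Select-Object -First 1

# Details needed when selecting the certificate in IIS and when planning renewal.
[pscustomobject]@{
    Thumbprint    = $chosen.Thumbprint
    DnsNames      = ($chosen.DnsNameList | ForEach-Object { $_.Unicode }) -join ', '
    NotAfter      = $chosen.NotAfter
    DaysRemaining = [int]($chosen.NotAfter - (Get-Date)).TotalDays
} | Format-List

# Export-Certificate writes the public certificate only; the private key stays on the server.
Export-Certificate -Cert $chosen -FilePath $exportPath -Type CERT | Out-Null
Write-Output "Public certificate written to $exportPath"
```

The exported .cer file is the item to place in the Trusted Root CA store on end-user machines; the private key is not needed there.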