Generate a SSL Certificate For Riva Insight On-Premise

  • Updated

Using an SSL Certificate is one of the requirements for the Riva Insight On-Premise Server.

There are three options to generate an SSL Certificate for Riva Insight On-Premise:

Option 1 – Certificate through a third-party Certificate Authority (CA), for example DigiCert.

  1. Obtain the certificate from the third-party CA.
  2. Add the certificate to the Riva Insight On-Premise Server.
  3. In IIS, select the certificate for the site.
     

Option 2 – Certificate though Enterprise Certificate Authority (CA) (internal)

  1. On the Riva Insight On-Premise Server, do a certificate enrolment via MMC.
  2. Ensure that the certificate has the common name specified.
  3. Push the CA certificate (not the generated certificate) to all end-user machines, for example via the Domain Groups Policy.
    Note: Typically, this mechanism is already in place for enterprise organizations.
  4. Add the certificate to the Riva Insight On-Premise server.
  5. In IIS, select the certificate for the site.
     

Option 3 – Self-Signed Certificate (for development and testing purposes)

  1. On the Riva Insight On-Premise Server, run PowerShell as an administrator.
  2. Enter this command to generate the certificate:
     
    New-SelfSignedCertificate -DnsName rivainsightapp.customer.com, rivainsightapp, localhost -CertStoreLocation cert:\LocalMachine\My -FriendlyName "{HOST} Web Server" -NotAfter (Get-Date).AddYears(10)
    where:
    - rivainsightapp.customer.com is to be replaced with the DNS name(s) that will be accessed and
    - rivainsightapp is to be replaced with the host name(s).

    Notes:
    - If listing multiple host names and DNS names, insert a comma and a space after each name except the last one.
    - On Windows Server 2012 and Windows Server 2012 R2, PowerShell may not support the "-FriendlyName" and "-NotAfter" parameters, and can be left out. The disadvantage is that the certificate would have a shorter expiry and the certificate name is not as easily identifiable.
  3. In IIS, select the certificate for the site.
  4. Push the generated certificate to the Trusted Root CA store for all end-user machines, for example via the Domain Groups Policy.

 

 

 
 
 

Was this article helpful?

/