[5.x] How to install SSL certificate on PBA for Windows Control Panel server : CloudBlue Technical Support

Problem Statement

A provider wants to install an SSL certificate on BA for the Windows Control Panel server.

Resolution

In BA for Windows, the SSL certificate is configured by standard IIS configuration.

Follow these steps to install the SSL certificate:

Copy the file containing the SSL certificate to the PBA-E application server.
Open the RDP (Remote Desktop) connection to this server.
Run Start > Administrative Tools > Internet Information Services (IIS) Manager.
Right-click on Default Web Site, or the website the certificate was created for, then select Properties.
On the selected website properties dialog, select the Directory Security tab.
Click Server Certificate.
The IIS Certificate Wizard should start.
Select Process the pending request and install the certificate option, and click Next. Follow the wizard steps until finished.

Chain SSL Certificate

If the SSL certificate is issued by Certification Authority, not included in the list of web browser trusted authorities, customers are shown an alarming warning upon time opening the Online Store or BA Control Panel for the first time. The warning states that the SSL certificate is unknown (for their browsers), and asks whether to trust your certificate or not.

However, the SSL certificate is absolutely reliable, and is issued by one of the authorized SSL providers. This SSL provider is just not included in the list of the browser's default trusted authorities. In this case, the undesirable warning can be suppressed by means of chain certificate.

A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer certificate to a trusted Certificate Authority (CA) certificate. The CA vouches for the identity of the peer certificate by signing it.

To configure the chain SSL certificate, import the intermediate certificate using the Microsoft Management Console (MMC).

To ensure the certificate chain works, open the IIS Manager, select needed website properties, go to the Directory Security tab and click View Certificate.

Additional information

For more information, refer to Windows and IIS documentation.