Control Network Newsletter

How to Create and Use Self-Signed SSL Certificates

Contemporary Controls has expanded its line of BACnet routers and gateways to incorporate HTTPS to provide secure Internet communication and protect the integrity of client data. Their resident HTTPS web servers allow for commissioning, status reporting, and troubleshooting using any standard web browser.

HTTPS (Secure HTTP) uses encryption for secure communication over a computer network. The encryption is provided by Transport Layer Security (TLS), formerly Secure Sockets Layer (SSL). The protocol is still often referred to as HTTP over SSL and appears as https:// in the browser address bar.

SSL/TLS relies on keys and digital certificates. Keys occur in pairs (public/private) and are used for encryption and decryption: the public key is used for encryption, while the private key is used for decryption. Digital certificates prove ownership and authenticity, ensuring that only authorized devices communicate with each other. Certificates are typically issued and managed by a trusted third-party company, called a Certificate Authority (CA). An SSL certificate issued for a website by a well-known CA that is trusted by all devices and browsers, such as DigiCert, Comodo, GoDaddy, or Let's Encrypt, lets users reach the website seamlessly over the public Internet. These trusted CAs only provide certificates to websites which have a public IP address. They won't do this for devices on an internal network with private IP addresses.

As most of our customers use our devices on internal networks, they can create a self-signed certificate. If you don't have an IT department, you can generate a self-signed certificate that will make our device trusted by your browser.

Self-signed digital certificates are created by signing the certificate with the owner's private key. They are created, issued, and signed by the company or developer who is responsible for the website/software being signed. Unlike certificates issued by a trusted CA, no external party verifies a self-signed certificate. Self-signed certificates are fast, free, and easy to issue. They are appropriate for development/testing environments, internal network websites, and secure webpages served by devices. Most devices will use a self-signed certificate because of the associated cost of getting a certificate from a well-known CA that is trusted by all browsers.

This document explains how to add OpenSSL for Windows using WinGet and create a self-signed certificate, how to install this self-signed certificate on the device, and how to download and install the self-signed certificate on different Windows machines. Instructions are provided for commonly used browsers—Google Chrome, Microsoft Edge, and Mozilla Firefox.
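The following PowerShell example is added here for illustration and is not taken from the application note or from Contemporary Controls. It creates a self-signed certificate for a device on a private address and then checks the properties described above: issuer equals subject, and the signature verifies against the certificate's own public key. It assumes `openssl.exe` (1.1.1 or later) is already on the PATH; the IP address, file names, and validity period are constructed values.

```powershell
# Added example. Assumes openssl.exe (1.1.1 or later, for -addext / -ext) is on PATH.
$DeviceIp = '192.168.1.50'   # constructed value: the device's private address
$KeyFile  = 'device.key'     # hypothetical file names
$CertFile = 'device.crt'

# 1. Create a 2048-bit RSA key pair and a certificate signed with that same
#    private key. Browsers match the address bar against subjectAltName, so the
#    IP address goes there as well as in the subject CN.
#    -nodes writes the private key unencrypted: restrict access to $KeyFile.
openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes `
    -keyout $KeyFile -out $CertFile `
    -subj "/CN=$DeviceIp" `
    -addext "subjectAltName=IP:$DeviceIp"
if ($LASTEXITCODE -ne 0) { throw 'certificate generation failed' }

# 2. Self-signed means the issuer and the subject are the same name.
$subject = (openssl x509 -in $CertFile -noout -subject) -replace '^subject\s*=\s*', ''
$issuer  = (openssl x509 -in $CertFile -noout -issuer)  -replace '^issuer\s*=\s*', ''
if ($subject -ne $issuer) {
    throw "not self-signed: subject '$subject', issuer '$issuer'"
}

# 3. The signature must verify against the certificate's own public key,
#    so the certificate is used as its own trust anchor.
openssl verify -CAfile $CertFile $CertFile
if ($LASTEXITCODE -ne 0) { throw 'signature does not verify against its own key' }

# 4. Confirm the private IP address is present in subjectAltName.
$san = (openssl x509 -in $CertFile -noout -ext subjectAltName) -join "`n"
if ($san -notmatch "IP Address:$([regex]::Escape($DeviceIp))") {
    throw "subjectAltName does not list $DeviceIp"
}

# 5. Print the SHA-256 fingerprint. Since no external party vouches for this
#    certificate, compare this value with what the browser shows before
#    installing the certificate as trusted on a workstation.
openssl x509 -in $CertFile -noout -fingerprint -sha256
```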

Read the application note here:

 Application Note: How to Create and Use Self-Signed SSL Certificates.
