Generate SSL Certificate Using an External Certificate Authority

The following three main steps are required to get an SSL certificate from an external Certificate Authority (CA) and use it with CIMPLICITY. Follow them both when requesting the initial certificate and when renewing it on expiry.

  1. Generate the Certificate Signing Request (CSR)
  2. Send the CSR to the CA and get the resulting server SSL certificate
  3. Process the SSL certificate for use in CIMPLICITY
Before you begin, you must know the following parameters:
  • <InstallationPath>: The installation directory of Proficy CIMPLICITY.
  • <CrtFileName>: The name of the certificate/key files without the extensions.
  • <ConfigServicePortNumber>: Port number for the CIMPLICITY Configuration Service (typically 4955).
  • <UABrowseServicePortNumber>: Port number for the UA Browse Service (typically 4956).
  • <WsmServicePortNumber>: Port number for the Webspace Session Management Service (typically 4957).
  • <KeyPassPhraseFilePath>: Path to the pass phrase file protecting the .key file.
  • <PfxPassPhrase>: Pass phrase used to protect the generated .pfx file. This is the pass phrase itself, not a path to a pass phrase file.
  • <CSRCertificateName>: The name of the CSR certificate/key files without the extensions.
  • <ServerCertificateName>: The name of the Server certificate/key files without the extensions.
    Note: The default value of ServerCertificateName is server_cert. To use a different file name, update the variables ssl_certificate and ssl_certificate_key in the httpd.conf file with the new values and restart the CIMPLICITY HTTPD Service.

To generate the SSL certificate, perform the following steps:

  1. Generate CSR
    1. Open the command prompt.
    2. In the command prompt, navigate to the path where Generate_CSR.bat is saved.
      Example: cd C:\Program Files (x86)\Proficy\Proficy CIMPLICITY\exe
    3. Enter the following command in the command prompt.
      Generate_CSR.bat <InstallationPath> <CSRCertificateName> <PassPhraseFilePath(optional)>
      Example: Generate_CSR.bat "c:\Program Files (x86)\Proficy\Proficy CIMPLICITY" server_cert
    4. Optional: To secure the private key with a password, add a password to a text file and save the file. Provide the file path in the command.
      Example: Generate_CSR.bat "c:\Program Files (x86)\Proficy\Proficy CIMPLICITY" server_cert "c:\Passwords\password.txt"
    5. If the certificate signing request (.crt) file or the private key (.key) file already exists in the specified folder, you are notified and prompted to delete the files. Select Y to delete the existing files and create new files. Select N to exit.
    6. Enter the following details:
      • Country Name (2 letter code) [AU]
      • State or Province Name (full name) [Some-State]
      • Locality Name (eg, city) [Some-City]
      • Organization Name (eg, company) [Internet Widgits Pty Ltd]
      • Organizational Unit Name (eg, section) []
      • Common Name (e.g. server FQDN or YOUR name) []
      • Email Address []
      • A challenge password []
      • An optional company name []
    7. Press Enter.

      The certificate signing request (.crt) file and the private key (.key) file are generated in the ScadaConfigPki folder in the installation path. (Example: C:\Program Files (x86)\Proficy\Proficy CIMPLICITY\ScadaConfigPki).

  2. Obtain SSL Certificate
    1. Send the certificate signing request (.csr) file to an external Certificate Authority (CA), such as VeriSign or DigiCert, and request a CA-signed server certificate.
    2. Save the certificate in the ScadaConfigPki folder.
  3. Process SSL certificate
    1. Open the command prompt.
    2. In the command prompt, navigate to the path where process_server_cert.bat is saved.
      Example: cd C:\Program Files (x86)\Proficy\Proficy CIMPLICITY\exe
    3. Enter the following command in the command prompt.
      process_server_cert.bat <InstallationPath> <CrtFileName> <ConfigServicePortNumber> <UABrowseServicePortNumber> <KeyPassPhraseFilePath> <PfxPassPhrase> <WsmServicePortNumber>
      Example: process_server_cert.bat "c:\Program Files (x86)\Proficy\Proficy CIMPLICITY" server_cert 4955 4956 c:\passwords\password.txt secret-pass-phrase 4957
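
A pre-flight check that can be run between steps 2 and 3, as an added example that is not part of the CIMPLICITY tooling: it confirms that the certificate returned by the CA carries the public key of the private key generated with the CSR, and that the certificate is inside its validity period, before process_server_cert.bat is run. It assumes openssl.exe is on PATH and that the CA returned a PEM-encoded certificate; the script, its parameter names and the 30-day threshold are hypothetical.

```powershell
# Added example, not a CIMPLICITY script. Assumptions: openssl.exe is on PATH,
# the CA returned a PEM-encoded certificate, and the caller supplies the paths
# of the files for <CrtFileName> in the ScadaConfigPki folder.
param(
    [Parameter(Mandatory)][string]$CertPath,   # certificate received from the CA
    [Parameter(Mandatory)][string]$KeyPath,    # private key written by Generate_CSR.bat
    [string]$KeyPassPhraseFilePath,            # omit if the key is not protected
    [int]$MinDaysValid = 30                    # hypothetical renewal margin
)

function Get-PublicKeyPem([string[]]$OpenSslArgs) {
    # Run openssl and return the PEM public key it prints as one string.
    $pem = & openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs[0]) failed" }
    ($pem -join "`n").Trim()
}

# 1. The certificate must carry the public half of the key created with the CSR.
#    A mismatch means the CA signed a different CSR or the key was regenerated.
$keyArgs = @('pkey', '-in', $KeyPath, '-pubout')
if ($KeyPassPhraseFilePath) { $keyArgs += @('-passin', "file:$KeyPassPhraseFilePath") }
$certPub = Get-PublicKeyPem @('x509', '-in', $CertPath, '-noout', '-pubkey')
$keyPub  = Get-PublicKeyPem $keyArgs
if ($certPub -ne $keyPub) {
    throw "Certificate does not match the private key; do not process it."
}

# 2. The certificate must be inside its validity window with some margin left.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$now = Get-Date
if ($now -lt $cert.NotBefore) {
    throw "Certificate is not valid until $($cert.NotBefore)."
}
if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
    throw "Certificate expires $($cert.NotAfter), within $MinDaysValid days."
}

# 3. Report what will be installed so the subject can be checked by eye.
"OK: subject '{0}' matches key '{1}'; valid until {2:yyyy-MM-dd}" -f `
    $cert.Subject, (Split-Path $KeyPath -Leaf), $cert.NotAfter
```

If the key is pass-phrase protected and no pass phrase file is supplied, openssl prompts for the pass phrase interactively.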