Create and Configure Certificate

 

What is the Self-Signed Certificate Used for in Smart Previews?

  • The self-signed certificate establishes trust between the Smart Previews Hybrid website and the Smart Previews Web Resources website.

About the BA Insight Self-Signed Certificate Script

Script Operating System Support

The script uses a PowerShell API that is only available in Windows 10+ or Windows Server 2016+.

  • If the API is not available, you receive a corresponding error message when running the script.

  • It is possible to use a certificate generated in Windows 10 or Windows Server 2016 on a server running Windows Server 2012 or older versions of Windows.

Script Parameters

The script supports the following parameters:

Parameter: CertFriendlyName
Type: String
Description:

Friendly name for the generated certificate.

This value is used several times by the script:

  • As the Friendly Name metadata of the generated certificate
  • As part of the subject for the generated certificate, so that it's possible to generate multiple certificates targeting the same server
  • As a name for the output files generated by the script

Example value: "BA Insight Self-Signed Certificate"

Parameter: IssuedTo
Type: String
Description:

Name of the server the certificate will be installed to.

This value is used in the Issued To and DNS Name metadata of the generated certificate. There are multiple options for the IssuedTo value:

  1. Use the name of the server:
    1. Example value: "myserver.mydomain.local", representing the name of the server

  2. Use the final website host name:
    1. Example value: bainsight.add.mydomain.local
    2. In this example, a DNS entry must be created that points to the server IP address.
    3. Alternatively, a Host.ini record can be added on the server in place of the DNS entry. Any client trying to access the site would also require a host.ini entry.

Example value: "myserver.mydomain.local"

How to Create a Self-Signed Certificate

The steps below describe how to use the BA Insight script to generate a self-signed certificate:

  1. Download the script.
  2. Extract the script file from the ZIP archive.
  3. Start a PowerShell window as an Administrator.

    It's important to run the script as an Administrator.

  4. Navigate to the folder where the script is located by executing the following command in the PowerShell window:

    cd "path_to_the_folder"
    
  5. Run the script by executing the following command in the PowerShell window:

    .\CreateSelfSignedCertificate.ps1 -CertFriendlyName "certificate_friendly_name" -IssuedTo "server_name"
    
  6. When prompted, enter the password to be used as the key for the PFX file.
  7. Sample script output is displayed in the screenshot below.
    1. Copy the value listed under Subject from the script output for future reference:



  8. After the script is finished, two files (CER and PFX) are output to the local directory where the script itself is stored.
    These files are two different representations of the generated certificate:
    • CER file:
      • Contains only the public key of the certificate and may be shared without any restrictions.
    • PFX file:
      • Contains both public and private keys and is secured with the password provided during the script execution.
      • The PFX file must be securely stored.

The expiration time for a certificate generated by the script is set to 100 years from the time the certificate is created.
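The workflow described above, reproduced with the built-in PKI cmdlets and followed by checks on the two output files. This is an added example, not the BA Insight script; the subject layout (friendly name as O=), key parameters, certificate store, and output file names are assumptions.

```powershell
# Added example: NOT the BA Insight script. Run in an elevated PowerShell window.
# Assumptions: subject layout, key parameters, store location and output file names.
# Note: the certificate it creates stays in Cert:\LocalMachine\My until removed.
$CertFriendlyName = 'BA Insight Self-Signed Certificate'   # example value from the page
$IssuedTo         = 'myserver.mydomain.local'              # example value from the page
$base = Join-Path (Get-Location) $CertFriendlyName         # output file name without extension

# Create the certificate; the friendly name is folded into the subject (assumed as O=).
$cert = New-SelfSignedCertificate -Subject "CN=$IssuedTo, O=$CertFriendlyName" `
    -DnsName $IssuedTo -FriendlyName $CertFriendlyName `
    -NotAfter (Get-Date).AddYears(100) -KeyAlgorithm RSA -KeyLength 2048 `
    -HashAlgorithm SHA256 -KeyExportPolicy Exportable `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# Export both representations; the PFX password is prompted for, never hard-coded.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-Certificate    -Cert $cert -FilePath "$base.cer" | Out-Null
Export-PfxCertificate -Cert $cert -FilePath "$base.pfx" -Password $pfxPassword | Out-Null

# Read the files back and verify them before distributing anything.
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("$base.cer")
$pfx = (Get-PfxData -FilePath "$base.pfx" -Password $pfxPassword).EndEntityCertificates[0]

$checks = [ordered]@{
    'CER has no private key'        = -not $cer.HasPrivateKey
    'CER and PFX are the same cert' = $cer.Thumbprint -eq $pfx.Thumbprint
    'DNS name matches IssuedTo'     = $cer.GetNameInfo('DnsName', $false) -eq $IssuedTo
    'Expires in roughly 100 years'  = $cer.NotAfter -gt (Get-Date).AddYears(99)
}
$checks.GetEnumerator() | Format-Table Name, Value -AutoSize
"Subject: $($cer.Subject)"

# The PFX holds the private key: drop inherited ACEs and grant access only to
# BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls "$base.pfx" /inheritance:r /grant:r '*S-1-5-32-544:(F)' '*S-1-5-18:(F)' | Out-Null

if ($checks.Values -contains $false) { throw 'Certificate output failed verification.' }
```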

Important: The user account running the Microsoft Teams Connector application pool must have READ access to the Trusted Root Certificate store on the local machine.


This user account cannot be NetworkService.