{"id":7452,"date":"2020-08-22T01:01:10","date_gmt":"2020-08-21T16:01:10","guid":{"rendered":"https:\/\/chat-messenger.com\/?p=7452"},"modified":"2023-11-05T22:38:54","modified_gmt":"2023-11-05T13:38:54","slug":"ssl","status":"publish","type":"post","link":"https:\/\/chat-messenger.com\/en\/manual\/camserver\/ssl","title":{"rendered":"Apply SSL certificate to CAMServer"},"content":{"rendered":"<style type=\"text\/css\"><!--\ntable, th, td {\n    border: none !important;\n}\n--><\/style>\n<h2>About SSL Certificates<\/h2>\n<p>By applying an SSL certificate to CAMServer, the warning when accessing with a standard browser can be removed.<br \/>\nThere are two ways to obtain an SSL certificate, and we will explain each of them below.<\/p>\n<ol>\n<li>Apply Let's Encrypt's free SSL<\/li>\n<li>Purchase and apply Intranet SSL<\/li>\n<\/ol>\n<div class=\"point\">\nIf you do not apply a legitimate SSL certificate on-premise, you must use a web app or bypass the warning to access the site. For more information. <a href=\"https:\/\/chat-messenger.com\/en\/manual\/camserver\/signup_login_camserver\/\" target=\"_blank\" rel=\"noopener\">Log in to CAMServer<\/a> for more information.<\/div>\n<h2>Apply Let's Encrypt's free SSL<\/h2>\n<p>Let's Encrypt can issue certificates for free, but requires domain authentication through the HTTP-01 or DNS-01 challenge. Since CAMServer is not normally exposed to the outside world, we recommend using the DNS-01 Challenge.<\/p>\n<h4>DNS-01 Challenge<\/h4>\n<p>In the DNS-01 Challenge, ownership is verified by registering the token obtained from the Let's Encrypt server with the DNS server of the target domain name. For example, to issue a certificate for \"camserver.xx\", the DNS name <code>_acme-challenge.camserver.xx.<\/code>Set the TXT type to a record named \"Obtained Token\".<\/p>\n<div class=\"related\">\nFor a detailed explanation, see <a href=\"https:\/\/www.ipentec.com\/document\/windows-acme-create-ssl-certification-in-pfx-file\" target=\"_blank\" rel=\"noopener\">Use win-acme to obtain certificates for devices not connected to the Internet<\/a> for more information.<\/div>\n<h4>HTTP-01 Challenge<\/h4>\n<p>The HTTP-01 challenge obtains a token from the Let's Encrypt server and places a file containing this token in a designated directory on the CAMServer to confirm ownership of the domain name.<\/p>\n<p>For example, to issue a certificate for \"camserver.xx\", place the token file obtained below,<\/p>\n<p><code>CAMServer\/www\/.well-known\/acme-challenge\/obtained-token<\/code><\/p>\n<p>It must be published externally at the following URL<br \/>\n<code>http:\/\/camserver.xx\/.well-known\/acme-challenge\/\u53d6\u5f97\u3057\u305f\u30c8\u30fc\u30af\u30f3<\/code><\/p>\n<h4>Once Let's Encrypt certificate creation is complete<\/h4>\n<p>Place the pem file according to the following procedure.<\/p>\n<ol>\n<li>CAMServer stop<\/li>\n<li>privkey.pem \/ cert.pem \/ chain.pem files. <code>CAMServer\/config\/ssl\/<\/code> copy to<\/li>\n<li>CAMServer startup<\/li>\n<\/ol>\n<h2>Purchase and apply Intranet SSL<\/h2>\n<p>To apply an SSL certificate to a CAMServer that is completely inaccessible from the outside, an Intranet SSL certificate must be purchased.<\/p>\n<p>Once you have purchased Intranet SSL and obtained the keystore file, follow the steps below to apply it.<\/p>\n<ol>\n<li>CAMServer stop<\/li>\n<li>keystore file. <code>CAMServer\/config\/ssl\/tomcat.keystore<\/code> overwriting (e.g. data, file)<\/li>\n<li><code>CAMServer\/cam.ini<\/code> Add the following section to the file\n<ul>\n<li><code>camserver.keyAlias=keyAlias at certificate creation<\/code><\/li>\n<li><code>camserver.keystorePass=keystorePass at time of certificate creation<\/code><\/li>\n<\/ul>\n<\/li>\n<li>CAMServer startup<\/li>\n<\/ol>\n<div class=\"point\">\n<ul>\n<li>CAMServer uses Tomcat as its HTTP server, and in most cases, the instructions for obtaining and creating a keystore file for Tomcat are available at the place of purchase.<\/li>\n<li>For Intranet SSL, if the root certificate is not registered in the browser of each terminal, the root and intermediate certificates must be downloaded from the place of purchase and applied separately to each terminal's browser.<\/li>\n<\/ul>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>About SSL certificates By applying an SSL certificate to CAMServer, you can eliminate warnings when accessing with a standard browser [\u2026]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"swell_btn_cv_data":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/7452"}],"collection":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/comments?post=7452"}],"version-history":[{"count":10,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/7452\/revisions"}],"predecessor-version":[{"id":8843,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/7452\/revisions\/8843"}],"wp:attachment":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/media?parent=7452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/categories?post=7452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/tags?post=7452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}