Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Installing an SSL Certificate from an External CA

Building Automation Knowledge Base

Schneider Electric Building Automation Knowledge Base is a self-service resource to answer all your questions about EcoStruxure Building suite, Andover Continuum, Satchwell, TAC…

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • Knowledge Center
  • Building Automation Knowledge Base
  • Installing an SSL Certificate from an External CA
Options
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close

Related Forums

  • Intelligent Devices Forum

Previous Next
Contributors
  • RandyDavis
    RandyDavis
  • JonGreen
    JonGreen
  • David_Purser
    David_Purser
  • Jeff
    Jeff
  • Benji
    Benji

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Back to Building Automation Knowledge Base
Options
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
4 Likes
14236 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?
Select your language from the translate dropdown in the upper right. arrow
Translate to: English
  • (Français) French
  • (Deutsche) German
  • (Italiano) Italian
  • (Português) Portuguese
  • (Русский) Russian
  • (Español) Spanish

Installing an SSL Certificate from an External CA

Commander JonGreen Commander
‎2019-12-05 09:52 AM

Last Updated: Picard David_Purser Picard ‎2022-10-27 06:00 AM

Issue

There is no fully detailed explanation of how to install an SSL Certificate from an External CA

Product Line

EcoStruxure Building Operation

Environment

  • Building Operation Enterprise Server
  • Building Operation Automation Server

Cause

When trying to install an SSL certificate from an external CA can fail

Resolution

  1. Configure a DNS name for the AS/ES (This prevents the certificate from being locked down to a specific IP.
    1. I.E. Configure an A record for "AS_Name".com
  2. Purchase SSL Cert through a 3rd party, or use your organization's internal CA/ root CA
  3. Download and install OpenSSL or can use OpenSSL installed with EBO 
  4. Run Command Prompt as an administrator
  5. Use command "cd c:\program files\OpenSSL-Win64\binOpenSSL.PNG
  6. Use OpenSSL to generate a CSR in order to obtain the certificate from the 3rd party
    1. openssl req -new -newkey rsa:2048 -nodes -keyout EcoStruxure.key -out EcoStruxure.csr
      1. Follow the prompts to fill out the information for the CSRnew key and CSR.PNG
  7. Supply CSR, other certificate contact information, and a means of validating the request to the 3rd party CA
  8. Verify identity with CA (this may not be necessary if you use your company's internal CA/ root CA
  9. Receive host and intermediate CA certificates from 3rd party CA
  10. Make sure the CRT/CER files are in the C:\Program Files\OpenSSL-Win64\bin directory of Windows Explorer
  11. Use OpenSSL to convert the CRT or CER files into PEM files, as PEM is the only format EBO will accept
    1. openssl x509 -in certFileName.cer -outform PEM -out convertedCertFileName.pemconverting cer to pem.PNG
  12. Use OpenSSL to convert the private key file generated at step 6 from .key to .prv
    1. openssl rsa -inform pem -in filename.key -out filename.prvconvert key.PNG
  13. Run WorkStation as administrator
  14. In WorkStation, Control Panel > Certificates click on the server you are trying to add the cert to, either an AS or ES.Certificates.pngmanage cert.png
  15. Click on Manage Certificates > Add Existing add existing.png
  16. Put in a name for the certificate (it can be anything you'd like)
  17. Click the ellipsis next to host, intermediate, and private to add the appropriate PEM files and click ok Add cert.png
  18. Select the newly added certificate from the drop-down and save the changes to activate
  19. Warm start the server

After this process is completed, verify that connection to WebStation via HTTPS shows a secure connection/trusted certificate.

Labels (1)
Labels:
  • EcoStruxure Building Operation
Tags (2)
  • Find more articles tagged with:
  • DavidPurser22
  • JonGreen19
Was this article helpful? Yes No
75% helpful (12/16)

Link copied. Please paste this link to share this article on your social media post.

To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of