Royal Server is not only capable of working with self-signed certificates created by the Configuration tool but also with certificates with wildcards and certificates which are created by an internal CA.
When working with certificates from your own CA, please make sure that
- Include Key Usage Extension for this CA and specify Signature and Certificate Signing as capabilities.
- Include Key Usage Extensions for Users of this CA and specify Signature and Key Encipherment as capabilities
- Do not include Extended Key usage Extensions
- Include Basic Constraints Extensions: Use this certificate as a certificate authority
- Specify Subject Alternate Name Extensions for this CA: Specify your DNS name there and
127.0.0.1as your IP (this is important else the Configuration Tool can not work). For a wildcard certificate, use something like\*.royalserver-installation.comfor your DNS name
Issue a certificate with this CA with the following properties:
- Certificate Type: SSL Server
- Configure Extended Key Usage
- is Critical is checked
- SSL Server Authentication checked
- Subject Alternate Name Extensions
- Specify a DNSName that is resolveable
127.0.0.1as IPAddress (this is important, else the Configuration Tool can not work)