Creating a new SSL Certificate for use with Axiom

Creating a new SSL certificate and configuring Axiom to use it requires the following steps.

1. Generate a CSR to be used with a certificate authority to issue the certificate.

2. Combine the issued certificate and existing private key into a .pfx file.

3. Install the certificate (.pfx) on the server hosting Axiom.

4. Configure Axiom to use the new certificate.

1. Generating a CSR.

We will use OpenSSL to generate the CSR and create the .pfx certificate file. OpenSSL is available for both Windows and Linux.

Use the following command to generate the private key file.

openssl genrsa -out c:\SOME_DIRECTORY\canary_com.key 2048

Us the following command to generate the CSR file.

openssl req -new -key c:\SOME_DIRECTORY\canary_com.key -out c:\SOME_DIRECTORY\axiom.csr

The axiom.csr is the signing request you will need to submit to the Certificate Authority who will in turn issue you a certificate. The axiom.key is the private key for the certificate and will be needed in the next step.

2. Once you receive the certificate from the CA you will want to place it in the same directory as the private key. Now we need to combine the certificate with the private key to create the PFX file.

Use the following command to  combine the certificate with the private key to create the PFX file. Note the extra CAcert.crt file. This is the CA's root certificate and needs to be included.

openssl pkcs12 -export -out c:\SOME_DIRECTORY\axiom.pfx -inkey C:\SOME_DIRECTORY\axiom.key -in C:\SOME_DIRECTORY\axiom.crt -certfile C:\SOME_DIRECTORY\CACert.crt

You will notice at the end of this command we are including the CA Intermediate cert, you will receive this from the CA issuing your certificate.

Once you have the pfx file move it to the axiom server if it's not already there.

3. Install the certificate on the axiom server.

Double click on the axiom.pfx file to start the install process. Select Local Machine for the Store Location. Select next, then enter the password for the file you created. Complete the process with the defaults. Now the certificate has been installed on the system hosting Axiom.

4. Configure Axiom to use the new certificate.

Open the Canary Admin and select the Axiom tile. In the bottom menu select Configuration. In the Certificate section above enter the name of the URL the certificate is for. For this example we will use axiom.customer.com. Click Apply in the upper right to complete the process.