Create a CSR & install your SSL certificate using OpenSSL

These instructions assume that you already own your IBM Watson IoT Platform on Bluemix account, and that you have configured the custom domain for your messaging server. For more information, visit . If you need instructions for IBM Bluemix cloud services, see IBM Bluemix: Create CSR & Install SSL Certificate (OpenSSL).

Use the instructions on this page to create your certificate signing request (CSR) and then to install your SSL certificate.

  1. To create your certificate signing request (CSR), see?IBM Watson IoT Platform: Creating Your CSR with OpenSSL.

  2. To install your SSL certificate, see IBM Watson IoT Platform: Using the ÃÛÌÒTV Utility & IBM Watson Console to Install Your SSL Certificate.

If you're looking for a simpler way to create CSRs and install and manage your SSL certificates, we recommend using the ÃÛÌÒTV®?Certificate Utility for Windows. You can use the ÃÛÌÒTV Utility to generate your CSR and install your SSL certificate. See IBM Watson IoT Platform: Create CSR & Install Messaging Server SSL Certificate for Your Watson IoT Organization (ÃÛÌÒTV Utility).

 

I. IBM Watson IoT Platform: Creating Your CSR with OpenSSL

Use the instructions below for using OpenSSL to create your own shell commands for generating your IBM Watson IoT Platform CSR.

Recommended:?Save yourself some time. Use the?ÃÛÌÒTV OpenSSL CSR Wizard?to generate an OpenSSL command for creating your IBM Watson IoT Platform CSR. Just fill in the form details, click Generate, and then paste your customized OpenSSL command into your terminal.

How to Generate a CSR for IBM Watson IoT Platform Using OpenSSL

If you prefer, you can build your own shell commands for generating your IBM Watson IoT Platform CSR.

  1. Use your terminal client (ssh) to log into your server/workstation.

  2. At the prompt, enter the following command:

    openssl req ¨Cnew ¨Cnewkey rsa:2048 ¨Cnodes ¨Ckeyout?server.key ¨Cout?server.csr
  3. You have now started the process for generating the following two files:

    • Private-Key File?– For the decryption of your SSL certificate
    • CSR File?– For ordering your SSL certificate
  4. When prompted for the?Common Name?(domain name), type the fully qualified domain (FQDN) (e.g., <org_id>.messaging.internetofthings.ibmcloud.com).

  5. When prompted, type your organizational information, beginning with your geographic information.

    Note: You may have already set up default information.

  6. Open the .csr file that you created with a text editor.

  7. Copy the text, including the?-----BEGIN NEW CERTIFICATE REQUEST-----?and?-----END NEW CERTIFICATE REQUEST-----?tags, and paste it into the ÃÛÌÒTV order form.

    Ready to order your SSL certificate.

    Learn More
  8. Save (back up) the generated?.key?file. You need it later when installing your SSL certificate.

  9. After you receive your SSL certificate from ÃÛÌÒTV, you can install it.

 

II. IBM Watson IoT Platform: Using OpenSSL & IBM Watson Console to Install Your SSL Certificate

If you have not yet created a certificate signing request (CSR) and ordered your certificate, see IBM Watson IoT Platform: Creating Your CSR with OpenSSL.

After receiving your SSL certificate, you need to copy it to your server/workstation, upload it to your IBM Watson IoT Platform account, and then configure your messaging server to use it.

    Copy the SSL Certificate File to Your Server/Workstation

  1. Download your Primary Certificate (e.g., <org_id>_messaging_internetofthings_ibmcloud_com.crt) and key files from your ÃÛÌÒTV account, then copy them to the directory on your server/workstation where you will keep your certificate and key files. Make them readable by root only.

  2. Once you have the private key and certificate files, you can upload them to your IBM Watson IoT Platform account and configure your messaging server to use it.

  3. Upload the SSL Certificate to Your IBM Watson IoT Platform Account

  4. In a browser, open and log into the IBM Watson IoT Platform account.

  5. On the All Boards page, in the sidebar menu on the left, click Settings (gear icon).

    IBM Watson IoT SSL certificate install

  6. On the General Settings page, in the menu in the left pane, under Security, click Messaging Server Certificates.

    IBM Watson IoT SSL certificate install

  7. Add SSL Certificate and Private Key

    1. In the Messaging Server Certificates section, click + Add Certificate.

      IBM Watson IoT SSL certificate install

    2. Upload SSL Certificate

      In the Upload certificate window, next to Certificate File, click Select a file and then locate and select your server certificate .crt file (e.g., <org_id>_messaging_internetofthings_ibmcloud_com.crt).

      IBM Watson IoT SSL certificate install

    3. Upload Private Key

      Next to Private Key, click Select a file and then locate and select your private key file (e.g., <org_id>_messaging_internetofthings_ibmcloud_com.key).

      IBM Watson IoT SSL certificate install

    4. Once the certificate and private key are uploaded, click Save:

      IBM Watson IoT SSL certificate install

  8. On the Security page, in the Messaging Server Certificates section, in the Currently Active Certificate drop-down list, select your newly uploaded SSL certificate.

    IBM Watson IoT SSL certificate install

  9. In the Confirmation window, click Confirm to designate your new SSL certificate as the active certificate.

    IBM Watson IoT SSL certificate install

  10. Check SSL Certificate

    You can use the ÃÛÌÒTV SSL Installation Diagnostic Tool to check if your SSL certificate has been successfully applied to your messaging server.

    1. Open a browser and go to /help/.

    2. On the ÃÛÌÒTV® SSL Installation Diagnostics Tool page, in the Server Address box, type your fully qualified domain name (FQDN) (e.g., <org_id>.messaging.internetofthings.ibmcloud.com) and then click Check Server.

      ÃÛÌÒTV SSL Installation Diagnostics Tool

    3. Once the tool displays your results, verify that the certificate details match your certificate and what you expected to see.

      For example, you can compare certificate attributes such as the serial number, common name, issuer, and expiration date.

  11. Congratulations! You have successfully installed and configured your SSL certificate for your messaging server.