During this task you will create or obtain certificates for use with Access Gateway applications.
See About application certificate use for more information about certificate types for use with applications used by Access Gateway.
Okta recommends the use of Organizationally Validated certificates or Extended Validation certificates whenever possible.
To obtain a CA based certificate, follow the procedure detailed by your certificate authority.
Okta recommends the use of self-signed certificates for development and testing only and never for production use.
To generate a self-signed certificate:
Self-signed certificates can be generated with tools such as openssl. The following session creates a 2048-bit RSA key (unencrypted, because of -nodes) and a certificate valid for 365 days:
$ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
Generating a RSA private key
...................................
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
. . .
-----
Country Name (2 letter code) [XX]:Your country code
State or Province Name (full name) :Your state
Locality Name (eg, city) [Default City]:Your City
Organization Name (eg, company) [Default Company Ltd]:Your Company, Inc
Organizational Unit Name (eg, section) :Your organizational unit.
Common Name (eg, your name or your server's hostname) :*.gateway.info
Email Address :firstname.lastname@example.org
$ ls *.pem
key.pem certificate.pem
See https://www.openssl.org/ for more information on OpenSSL.
A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains. A wildcard notation typically consists of an asterisk, followed by a period, followed by a domain name.
For example, *.exampledomain.com.
Access Gateway supports the use of wildcard certificates. Extending a single certificate to all subdomains rather than purchasing separate certificates saves money and minimizes administration. The downside is that if the certificate expires or is revoked, every subdomain it covers is affected at once.
To obtain a wildcard certificate, follow the procedure detailed by your certificate authority.
Password Protected Certificates:
Access Gateway does not support password protected certificates. If you upload a password protected certificate, you must re-enter the certificate's password every time Access Gateway restarts; otherwise the gateway will not function properly.
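The two checks a practitioner usually wants before uploading a certificate to Access Gateway are that the private key is not passphrase-protected and that the key actually belongs to the certificate. The script below is an added example, not part of the Okta documentation: it generates a self-signed wildcard certificate non-interactively (the -subj and -addext options replace the prompts shown in the openssl session above), confirms the key is unencrypted, verifies the key/certificate pair, and shows how to strip a passphrase from a key that has one. It assumes OpenSSL 1.1.1 or later on PATH; the subject fields, the *.gateway.info name and the file paths are constructed sample values.

```shell
#!/bin/sh
# Added example (not Okta's code). Requires openssl 1.1.1+ (for -addext).
set -eu

# Work in a scratch directory so nothing lands in the current tree.
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Create an unencrypted RSA key (-nodes) and a self-signed certificate for a
# wildcard name. -subj answers the interactive prompts; -addext adds a
# subjectAltName, which modern clients use instead of the CN for matching.
gen_self_signed() {
  name="$1"          # constructed example: '*.gateway.info'
  days="${2:-365}"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
    -keyout "$WORKDIR/key.pem" -out "$WORKDIR/certificate.pem" \
    -subj "/C=XX/ST=Your state/L=Your City/O=Your Company, Inc/CN=$name" \
    -addext "subjectAltName=DNS:$name" 2>/dev/null
}

# Succeeds when the PEM private key carries no passphrase. An encrypted key
# is written with an "ENCRYPTED" marker in its PEM header, so its absence
# means the key can be loaded without a password (what Access Gateway needs).
key_is_unencrypted() {
  ! grep -q "ENCRYPTED" "$1"
}

# Succeeds when the public key embedded in the certificate equals the public
# half of the private key, i.e. the two files really form a pair.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ "$cert_pub" = "$key_pub" ]
}

# Print the subjectAltName line (e.g. DNS:*.gateway.info) so the wildcard
# can be checked before upload.
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Generate a passphrase-protected key (to demonstrate the detection above).
gen_encrypted_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "pass:$2" -out "$1" 2>/dev/null
}

# Re-write a passphrase-protected key as an unencrypted PEM so it can be
# uploaded without a password. Keep the output's file permissions tight.
strip_passphrase() {
  umask 077
  openssl pkey -in "$1" -passin "pass:$2" -out "$3"
}
```

Run it as `sh cert-check.sh` after calling `gen_self_signed '*.gateway.info'` at the bottom, or source it and call the functions individually; `key_is_unencrypted` and `key_matches_cert` return shell status codes, so they fit directly into a pre-upload check.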