The Alpha Anywhere Application Server handles HTTP and HTTPS requests from a client browser or server. The Application Server is responsible for managing Ajax Callbacks and translating Xbasic in .a5w pages and components (such as Grid, UX, Tabbed UI, etc.) into HTML, CSS, and JavaScript to be executed in the client’s browser. The Application Server also services other types of content – XML, JSON, multimedia, etc. – that is stored in the server’s file system and interacts with databases and other web services required by an application.
SSL Installation on Alpha cloud
Prerequisites:
- Server certificate (in pfx or cer or crt format)
- Key file
- Intermediate and root certificates.
Note: From within Alpha Anywhere, you can upload new or updated certificates to Alpha Cloud. When you renew a certificate and upload it, Alpha Cloud automatically deploys the new one when the old one expires. You can also disable a certificate that has been uploaded.
Steps:
Certificate File Formats
Depending on how you created your certificate, the certificate file may be in one of a few formats. You can tell the format by the extension on the certificate file. Alpha Cloud will load and upload the following formats:
- .pfx (also called PKCS#12) – This is a file that contains both the certificate and the private key. If you have the tools to create such a file, it will make the upload process a little easier.
- .crt – This file contains only the certificate and you will also need to choose a file with the private key in it.
- .cer (Alternate form of .crt files) – This file contains only the certificate and you will need to choose a file with the private key in it.
Note: .crt and .cer files should be encoded in ASCII PEM format (contains a readable header and footer and a base64 encoded body).
Private Key Files
If you have a certificate in a .crt or .cer file, you will need to provide the name of the .key file that contains your private key. Alpha Cloud will automatically convert the file to a .pfx file (see above) before uploading your certificate to the cloud for storage. Your key file may be in PKCS#7 or PKCS#8 format (it will have a heading that either says “BEGIN PRIVATE KEY” or “BEGIN RSA PRIVATE KEY.”
Intermediate Certificate Files
A trusted provider signs each certificate. In the simplest case, the provider who signs your certificate is a root level provider, and the certificate they sign your certificate with is already installed on the server. Often root level providers delegate authority to issue certificates to other providers, who can trust other authorities. Suppose an intermediate authority signs your certificate. In that case, you will need to provide a chain of certificates, each signed by the next authority up the hierarchy, until a root certificate has been referenced. These certificates are sent to each TLS (also called SSL) client as proof that the certificate being presented to a browser or web client is, in fact, valid. If your certificate is a CRT or CER file, there is a good chance you have been provided with intermediate certificates (possibly bundled into a single file). You will need to give these certificates when you upload your TLS (also called SSL) certificate.
Using the Certificate Upload Dialog
- Click the Alpha Cloud toolbar icon on the web control panel and select “Security” and then “Upload TLS Certificate” from the drop down menu.
- If you have access to more than one subscription, make sure you are accessing the correct subscription.
- Type the full path and name of your certificate file into the text box labelled “Certificate File” or click the button entitled “Browse For Certificate” to choose the certificate to upload.
- If you have selected a .pfx certificate file format, you may need to supply a password to load it. If so, type the password, and the certificate will load.
- If you have selected a .crt or a .cer certificate file format, you need to provide a key file. Type the full path and name of your certificate file into the text box labelled “Private Key File” or click the button entitled “Browse for Private Key” to choose the key file to upload.
- If you need to include intermediate certificates in your upload (as discussed above), click the button entitled “Browse for Intermediate Certificates” to choose the intermediate certificate files to have.
- The default status of a newly uploaded certificate is “Active” if you do not want to make the certificate available immediately, select “Disabled” from the dropdown entitled “Status.”
- As for safety, the dialog will not allow you to upload a duplicate certificate. If you need to replace a certificate with the same name and available start date, check the box entitled “Replace existing certificate?”
- Click the button labelled “Upload” to upload your certificate to the cloud.
Managing Certificates
For each unique certificate name (the full hostname of the certificate), Alpha Cloud can store one or more certificates. This way, renewed certificates can be related to older certificates for the same name. When a newer certificate becomes effective, Alpha Cloud will automatically deploy it instead of the older one.
You can use the Manage Certificates dialog to view and manage the certificates you have uploaded to the Alpha Cloud for the currently selected subscription.
- Click the Alpha Cloud toolbar icon on the web control panel and select “Security” and then “TLS Certificates” from the drop down menu.
- Select the certificate from the list entitled “Name.”
- You can change the status of the certificate to either “Active” or “Disabled.”
Important: If you disable a certificate assigned to a web site, the web site may stop working!
- To permanently delete a certificate from the cloud (such as an expired certificate), click the checkbox labeled “Delete” beside the item you want to delete.
- Click the button labeled “Apply Changes” to change the status and/or delete certificates.
- To undo changes before you apply them, click the button labeled “Discard Changes.”
- When you have finished managing your certificates, click the button labeled “Close” to exit the dialog.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.