SystemLink

cancel
Showing results for 
Search instead for 
Did you mean: 

LetsEncrypt support / tutorial

Solved!
Go to solution

Thanks, that's a better idea to do it there. I'll just ignore the config tool 😉

0 Kudos
Message 11 of 14
(60 Views)

andre.buurman@carya wrote:

 

This doesn't require you to install the certificates via the web server config tool.


Note that depending on the clients you use to access the web server, you may need to manually keep C:\ProgramData\National Instruments\Web Server\config\root.cer up to date as well if you aren't going through the NI Web Server configuration utility. It contains the root CA certificate for the SystemLink API, at least the LabVIEW version, to communicate with the server securely, even when using a self-signed certificate.

 

The configuration utility will attempt to check and synchronize that file each time you launch it, which may interfere with you manually updating it.

0 Kudos
Message 12 of 14
(51 Views)

Hi Paul,

 

What's the life span of that certificate? Isn't there an automated renewal of that certificate as I can imagine that no sys admin would startup the config util on a regular basis just to update that certificate? Or is that certificate depending on e.g. the LetsEncrypt certificate?

 

Trying to understand the certifcate update scheme and interdependencies. In my current setup I'm not overwriting the orginal SL certifcates, just pointing the web server to a different set.

Regards,
André (CLA, CLED)
0 Kudos
Message 13 of 14
(32 Views)

andre.buurman@carya wrote:

 

What's the life span of that certificate? Isn't there an automated renewal of that certificate as I can imagine that no sys admin would startup the config util on a regular basis just to update that certificate? Or is that certificate depending on e.g. the LetsEncrypt certificate?


The root.cer file is the CA certificate from Let's Encrypt, which isn't going to change very often. Specifically, I believe it would be the ISRG Root X1 that you can download from https://letsencrypt.org/certificates/ (pem format).

 

For maximum compatibility, you'll also want to ensure the certificate file that the web server is using contains the intermediate certificate chain. I'm not familiar with the Let's Encrypt tools to know whether the certificate it gives you already contains the chain or not, but it would be a series of certificates one after the other in the same .cer file. From that same link, I believe that means you would want the Let’s Encrypt R3 certificate appended to yours.

0 Kudos
Message 14 of 14
(25 Views)