How to generate a self-signed certificate

If you need an HTTPS address against a different hostname, but lack your own certificates, SquaredUp DS can automatically create self-signed certificates for you. For more information about SSL/TLS and HTTPS see How to configure TLS/SSL (HTTPS).

The certificates generated are for staging and pre-production use only. The certificate expiry dates are fixed to be 1 year in the future and no further.

1. On the SquaredUp server open a command prompt as an administrator (from Start > Run type command prompt, right-click on the Command Prompt icon and click Run as administrator).
2. Go to your SquaredUp DS folder with the cd command.
   Where to find the SquaredUp folder

   The default location for the SquaredUp folder is C:\inetpub\wwwroot\SquaredUp

   For v5 it is C:\inetpub\wwwroot\SquaredUpv5 and for v4 C:\inetpub\wwwroot\SquaredUpv4.

   A custom location may have been chosen during the installation.

   Name of the SquaredUp folder

   The default name of the SquaredUp folder is SquaredUp for v6 and above.

   For v5 it is SquaredUpv5, and for v4 SquaredUpv4.

3. Run the SquaredUp command with httpssquaredup https --hostname myserver.staging.company.com
   Where hostname is replaced with a hostname.
   What is the SquaredUp command for older versions?

   The SquaredUp command for v6 and above is SquaredUp. This is followed by an operator for the task you are carrying out, for example SquaredUp forms, SquaredUp windows, or SquaredUp ha.

   The SquaredUp command for v5 it is SquaredUp5, and for v4 SquaredUp4.

   This tool only accepts hostnames. Specifying an IP address will produce incorrect results
4. After a few seconds a certificate will be generated and installed, with the web server bindings updated to match:
   
   
   Your server will now be available with an HTTPS:// binding at the hostname specified.

Security statement

The self-signed certificates generated by this tool use a dedicated, unique certificate authority which is added to the trusted root.

The private key for this authority is generated dynamically at runtime (it is not fixed): SquaredUp DS does not ever hold or see the private key used. In addition, the private key is ephemeral: it is immediately discarded after the certificate is installed and cannot ever be used again.

This root authority cannot be used to generate any further certificates, and it cannot be used for arbitrary certificate abuse due to its fixed key usage (Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing)

Was this article helpful?