What a Third Party Certificate Should Look Like

Version 5

    Verified Product Versions

    Avalanche 6.1Avalanche 6.2

    For managing smart devices and for secure connection a third party certificates needs to be uploaded to the avalanche console.

    Avalanche will only accept the PCKS#12 format certificates file which ends either with .p12 or .pfx extension.

    Usally these files contain the private key, server certificate/public key. intermediate certificate and the root certificate. If your certifcate path contains more than one intermediate signing authority then you need have all the intermediate certificates inside the .p12/.pfx file.

     

    Once you double click on the received .p12 file you will asked to import the certificate , once the certificate is imported you will be able to see the certification path from MMC(Microsoft Management Console).

    Usally it looks like this:

    certtest.png

    If for some reason Avalanche does not accept your server certificate or gives you an error message "certificate is invalid", then you need to cross check the certificate content using the Opessl tool.

    You can download the openssl tool from here.

     

    Here are some simple commands and the description about hem.

    Make sure you place these certificates inside the openssl installation folder.

     

    OpenSSL> pkcs12 -info -in Ivanti.pfx -passin pass:1234 -nodes

    OpenSSL> pkcs12 -info -in Ivanti.p12 -passin pass:1234 -nodes

     

    Replace "1234" with your certificate password and ivanti.pfx with your certificate name.

    A healthy .p12/.pfx file contains Private key, root certificate, intermediate and server certificate.

    Contains these lines,

    Starting with a private key

    -----BEGIN PRIVATE KEY-----

     

    -----END PRIVATE KEY-----

     

    Followed by a Root certificate and Intermediate certificate

     

    -----BEGIN CERTIFICATE-----

     

    -----END CERTIFICATE-----

     

     

    -----BEGIN CERTIFICATE-----

     

    -----END CERTIFICATE-----

     

    Usally, in the last you will be able to see your server certificate.

     

    -----BEGIN CERTIFICATE-----

     

     

    -----END CERTIFICATE-----

     

     

    you can decode the content of these certificates using different online tools for example here.https://www.sslshopper.com/certificate-decoder.html

    If your certificate is missing any of the above componenets, this can cause a invalid error on avalanche. In this case you can also see the error in SDS logs.

     

    It will always be better to ask your Certificate provider to include all the componenets inside your .p12/.pfx file. If you are missing any of the componenets and avalanche is giving an error, then the issue is not related to avalanche.