Most Certificate Authorities (CAs) instantly send certificates and provide at least a domain (server) certificate and may provide a root and one or more intermediate certificates in separate files. However, some authorities may provide the certificate data in a single email.
When selecting the certificate type from your CA, be sure to select Apache2 or Tomcat. If neither, the format supported by Vidyo Server is base64 X.509 pem or PKCS#7 (.p7b).
Your certificate authority may provide three types of files:
- The domain certificate file. This is often named or titled server certificate.
- One or more intermediate certificate files. This is optional.
- The root certificate file.
Again, the certificate authority may send you these files, or require you to download them from their website. Often, the certificates are not clearly identified, requiring you to identify each file type.
As mentioned, if your certificate authority provides certificate files in an email message, you must copy and paste the appropriate text for each certificate type into a separate file and save it with the correct extension, as described in the next section. Be sure to use a text editor that doesn’t append carriage returns at the end of each line.
Vidyo recommends the following guidelines to identify certificate files from your CA:
- The domain file normally contains your server’s common name or FQDN.
- Intermediate files often contain the character string “inter” somewhere in the file name. Once you identify which ones are the intermediates, you can then identify the root certificate file by process of elimination.
- The remaining file is the CA’s root certificate file.
The CA may also only return the domain (server) certificate, and if needed or required, the root and/or intermediate certificates need to be located, and manually downloaded from the CA’s website.
If the root and/or intermediate certificates were not provided to you, your Vidyo server includes a default bundle of common CA root and intermediate certificates. If you are using a mainstream CA, the root and intermediate certificates may not be needed.
Some CAs have several root and/or intermediate certificates available depending on the type of certificate you have ordered. Be sure to locate the appropriate matching root and/or intermediate certificates for your domain certificate. Contact your CA for assistance if you’re not sure.
CAs provide different kinds of certificate file(s) to customers. Regardless, the following certificates should be a part of what your CA provides to you:
- Domain Certificate (may have a .domain, .crt, or .cer extension).
- Intermediate Certificate(s) (optional, may be one or more, and may have an .inter, .crt, or .cer extension).
- A Root Certificate (may have a .root, .crt, or .cer extension).
Certificate Files Versus Bundles
Your CA may instead provide you with a .p7b file, which may contain Root and Intermediate or Root, Intermediate, and Server Certificate content. Check with your CA to find out exactly where each certificate is located. Your Vidyo server accepts the .pem, .crt, .cer, .p7b, and .pfx formats. The .pfx format additionally includes the private key which may be password protected.
- Certificate Files (.pem, .crt, and .cer) are imported using the Server Certificate and Advanced For more information, see Uploading CA Chain Certificate and Importing Trusted CA Certificates from the Advanced Tab.
- Bundles (.p7b and .pfx) are imported and/or exported (only .pfx formatted bundles can be exported) from the Advanced For more information, see Importing and Exporting Certificates.