Create SSL certificates

Use a self-signed SSL certificate for application development and tests. If you create the certificate yourself, you avoid the cost of a certificate signed by an external certificate authority. You can create SSL certificates on Windows, Linux, and macOS.

Create SSL certificates on Windows

Prerequisites

For Windows, you need the following tools:

Note: These tools are available in the Windows SDK. For more information, refer to the Microsoft Windows SDK documentation.

  • makecert (Makecert.exe) is a command line CryptoAPI tool that creates an X.509 certificate signed by a system test root key or another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate saves to a file, a system certificate store, or both. For more information, refer to Microsoft MakeCert documentation.

  • pvk2pfx (Pvk2Pfx.exe) is a command line tool that transfers public key and private key information contained in .spc, .cer, and .pvk files to a Personal Information Exchange (.pfx) file. For more information, refer to the Microsoft Pvk2Pfx documentation.

Create a self signed certificate

Create a .pvk certificate and convert it into a .pfx file that is ready to be used with the Unity Version Control (UVCS) server.

  1. Run the makecert command to generate the .pvk and .cer files: makecert -n "CN=TARDIS" -r -a sha1 -sky exchange -sv Tardis.pvk Tardis.cer
  2. Make a note of the password because you need it for the pvk2pfx command.
  3. Use the pvk2pfx tool to combine the generated .pvk and .cer files into the final .pfx file: pvk2pfx -pvk "Tardis.pvk" -spc "Tardis.cer" -pfx "Tardis.pfx" -pi <password>

Note: Name the .pvk, .cer and .pfx files with the machine hostname where the UVCS server is installed. If you don't use the machine hostname, you continuously receive warnings to say that the certificate doesn't match the UVCS server hostname. In the example above, the server is called Tardis, so the resulting output files are labeled as Tardis.pvk, Tardis.cer and Tardis.pfx.

Create a CA signed certificate

You can use the Certificate Authority (CA) certificate to generate additional SSL certificates for other sites and services such as the UVCS server.

  1. Run the makecert command to generate the .pvk and .cer files: makecert -n "CN=My Company" -r -a sha1 -sv MyCompanyCA.pvk MyCompanyCA.cer
  2. Execute the following command to create an SSL certificate:
    makecert -n "CN=TARDIS" -iv MyCompanyCA.pvk -ic MyCompanyCA.cer -sky exchange -a sha1 -pe -sv "UvcsServerTardis.pvk" UvcsServerTardis.cer
  3. Execute the pvk2pfx command to combine the .pvk and .cer files to generate the .pfx file: pvk2pfx -pvk "UvcsServerTardis.pvk" -spc "UvcsServerTardis.cer" -pfx "UvcsServerTardis.pfx" -pi <password>

Create SSL certificates on Linux and macOS

Prerequisites

For Linux and macOS, one of the most versatile SSL tools is openssl. This tool is an open-source implementation of the SSL protocol.

openssl is commonly used to create the Certificate Signing Request (CSR) and private key for many different platforms. This tool comes with almost every Linux distribution, so it is usually already installed and ready to use.

Create a self signed certificate

Create a .pfx file to use with the Unity Version Control (UVCS) server.

  1. Execute the openssl command to create the .pem file: openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout key.pem -out key.pem
  2. Enter the information to incorporate into your certificate request. Note: For the Common Name value, you need to use the UVCS host name that your clients use to connect with the server machine.
  3. Run the following command to export the .pem certificate file into a .pfx file: openssl pkcs12 -export -out ssl-certificate.pfx -in key.pem -name "UVCS Certificate"
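The two openssl steps above in non-interactive form, followed by checks that the resulting .pfx holds the private key and a Common Name matching the server hostname. This is an added example, not part of the original documentation; the function names, the UVCS_PFX_PASS environment variable and the hostname tardis.example are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, the
# UVCS_PFX_PASS variable and the sample hostname are assumptions.

# make_uvcs_pfx HOST OUTDIR [BITS]
# Runs the two openssl steps without prompts: -subj supplies the Common
# Name, and the export password is read from $UVCS_PFX_PASS so it does
# not appear in the process list or shell history.
make_uvcs_pfx() {
    host=$1 outdir=$2 bits=${3:-4096}
    (
        umask 077   # key.pem and the .pfx both contain the private key
        cd "$outdir" || exit 1
        openssl req -x509 -nodes -days 3650 -newkey "rsa:$bits" \
            -keyout key.pem -out key.pem -subj "/CN=$host" 2>/dev/null &&
        openssl pkcs12 -export -out ssl-certificate.pfx -in key.pem \
            -name "UVCS Certificate" -passout env:UVCS_PFX_PASS
    )
}

# pfx_cn PFX: print the Common Name of the certificate stored in PFX.
pfx_cn() {
    openssl pkcs12 -in "$1" -passin env:UVCS_PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN *= *\([^,]*\).*/\1/p'
}

# pfx_has_key PFX: succeed only if PFX also carries the private key,
# which the server needs in order to present the certificate.
pfx_has_key() {
    openssl pkcs12 -in "$1" -passin env:UVCS_PFX_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# pfx_matches_host PFX HOST: succeed if the CN equals HOST (case-insensitive).
# A mismatch is what produces the hostname warnings on clients.
pfx_matches_host() {
    cn=$(pfx_cn "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}
```

Export UVCS_PFX_PASS before calling the functions, for example `make_uvcs_pfx tardis.example /path/to/outdir` followed by `pfx_matches_host /path/to/outdir/ssl-certificate.pfx tardis.example`.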

Create a CA signed certificate

  1. Execute the following openssl command: openssl genrsa -out rootCA.key 2048
  2. Execute the following command to use the rootCA.key to generate the self signed certificates: openssl req -x509 -new -nodes -days 3560 -key rootCA.key -out key.pem
  3. Run the following command to export the .pem file, together with the rootCA.key private key, into a .pfx file: openssl pkcs12 -export -out ssl-certificate.pfx -in key.pem -inkey rootCA.key -name "UVCS Certificate"
