Creating Server Certificate

In order to provide trusted network security services to wireless clients, ClearBox Server must be able to cryptographically identify itself to clients. To prove its identity to clients, it sends them its digital certificate during the client login procedure. This certificate may be obtained from some existing certificate authority (which is already exists in your organization or purchased from a commercial CA). Still you may create your own certificate authority and issue the server certificate by yourself. This approach have some disadvantages (say, you should make each wireless client trust your CA) but may become the best choice for initial testing or use with a limited number of clients.

Run Certificates Wizard and select the first option:

Click Next. Type in your root CA name:

It will be shown as a certificate issuer on any certificate it issues (at least, on the server certificate).

Next, define its password. It must not be short (at least 8 characters) and should better contain upper- and lower-case symbols and digits, as loosing this password means invalidating the CA and all certificates it has issued.

Click Next and define server names for the server certificate:

Select the server certificate validity time span. When expired, the certificate should be re-issued or renewed.

Click Next. Fill in the fields which describe the location of ClearBox Server:

Click Next.

After some time depending on the server machine performance you'll be shown the success message:

It means that the root CA and the server certificates are created successfully.

The last step is to select the server certificate in Configurator. Run it, select 'TLS Settings' in the left tree. Click 'Select Certificate...':

Select the created certificate from the list and click OK:

Click 'Apply Changes', click 'Save' on the toolbar and restart ClearBox service.

IMPORTANT NOTE. CA files (public certificate ca.crt and private key ca.pem) are created in <Server installation path>\CA\. Don't remove them if you plan to create or manage client or server certificates. Besides, it's very important to keep ca.pem private (you should better restrict the file access permissions to let only you access it).