TLS Certificate Generation Guide

Introduction

This guide is intended to show an administrator of a PrimeKey SignServer Cloud AWS instance how to generate new Transport Layer Security (TLS) certificates.

Documentation

This SignServer Cloud Documentation applies for the latest SignServer Cloud version. For documentation for previous versions, refer to the PrimeKey SignServer Cloud download area.

For the latest SignServer Enterprise documentation, see SignServer Documentation.

AWS Documentation

For information on AWS Public IP addressing, refer to the AWS documentation on Public IPv4 Addresses and External DNS Hostnames.

Overview

New TLS certificates are needed in the following circumstances:

  • SignServer Cloud instance is shut down within the Amazon environment and the Public IP is released by Amazon.
  • An Elastic IP is added to the instance in place of the Public IP for persistence.
  • A custom DNS name is desired.

When using tools such as the ClientToolBox, the following error may be displayed:

"No subject alternative DNS name matching <instance ip>.compute-1.amazonaws.com found".

If this is encountered, perform the steps in this guide.