TLS Certificate Generation Guide Introduction

This guide is intended to show an administrator of a PrimeKey SignServer Cloud AWS instance how to generate new Transport Layer Security (TLS) certificates.

Documentation

SignServer Cloud documentation is available on:
https://download.primekey.com/docs/SignServer-Enterprise-Cloud/latest

SignServer Enterprise documentation is available on:
https://download.primekey.com/docs/SignServer-Enterprise/current

Additional information on SignServer Community is available on: www.signserver.org

AWS Documentation

For information on AWS Public IP addressing, refer to the AWS documentation on Public IPv4 Addresses and External DNS Hostnames.

Overview

This guide describes how to generate new TLS certificates in SignServer Cloud.New TLS certificates are needed in the following circumstances:

  • SignServer Cloud instance is shut down within the Amazon environment and the Public IP is released by Amazon.
  • An Elastic IP is added to the instance in place of the Public IP for persistence.
  • A custom DNS name is desired.

When using tools such as the ClientToolBox, the following error may be displayed:

"No subject alternative DNS name matching <instance ip>.compute-1.amazonaws.com found".

If this is encountered, perform the steps in this guide.