Knowledge Base

Creating a Self‑Signed Certificate

by Heinrich Linnert

This article describes how to create a self‑signed certificate for use with the Quintessence Engine. The certificate generated through these steps includes all required DNS names and is valid for 50 years.

Step 1: Identify the Server Hostname and Domain

Before generating a certificate, determine the hostname and fully qualified domain name (FQDN) of the server on which the Quintessence Engine will run.

Run the following PowerShell command:

[System.Net.Dns]::GetHostEntry("localhost").HostName

Example output:

AlphaMachine.test.co.za

This value will be used to populate the certificate’s DNS names.

Step 2: Create the Self‑Signed Certificate

To ensure compatibility with version 25.x and later, the certificate should include all required DNS names, including planned API and Data Explorer endpoints.

The DNS names to include are:

  • AlphaMachine.test.co.za
  • AlphaMachine
  • api.AlphaMachine.test.co.za (future use – v26.x)
  • api.AlphaMachine (future use – v26.x)
  • dataexplorer.AlphaMachine.test.co.za (future use – v26.x)
  • dataexplorer.AlphaMachine (future use – v26.x)

Use the following PowerShell command to generate the certificate (valid for 50 years):

New-SelfSignedCertificate `
  -Subject "CN=Quintessence" `
  -DnsName "AlphaMachine.test.co.za", `
           "AlphaMachine", `
           "api.AlphaMachine.test.co.za", `
           "api.AlphaMachine", `
           "dataexplorer.AlphaMachine.test.co.za", `
           "dataexplorer.AlphaMachine" `
  -CertStoreLocation "cert:\LocalMachine\My" `
  -NotAfter (Get-Date).AddYears(50)

The certificate will be created in the Local Machine → Personal (My) certificate store.

Step 3: Trust the Certificate

To make the generated certificate trusted by the local machine:

  1. Open Microsoft Management Console (MMC).
  2. Add the Certificates (Local Computer) snap‑in.
  3. Navigate to:
    Certificates → Personal → Certificates
  4. Locate the newly created certificate (CN=Quintessence).
  5. Copy it into:
    Certificates → Trusted Root Certification Authorities → Certificates

Once moved, the certificate will be trusted by all applications running on the server.

Related Posts

Layouts

November 8, 2024

User Access Control

November 8, 2024