1.1. Most modern UCS softwares use certificates for SSL connections.
1.2. Certificates are made for each network host (server) separately.
1.3. Those certificated network hosts belong to their owners (dealers, customers), who should get their own certificates.
1.4. There are plenty of different companies, which sell internet-identification and encryption in this world.
1.5. You are able to purchase valid certificate from globally-trusted authority or make your own (free), even self-signed.
1.6. There are some public services exist, which can make you free trusted certificates (search online).
1.7. You can manage your certificates with some personal software, including modifications and change format.
2.1. Web interface
2.1.1. There is preset self-signed certificate for RK7 web interface (valid for host name rk7.local) located in \BASE\httpKeys\ and \BaseData\httpKeys\ folders.
220.127.116.11. Default filename is default.pem.
2.1.2. User (dealer) own cerificate must be put to same folder (as preset) and it should be named mylocal.pem
18.104.22.168. You need to restart server to enable new certificate.
2.1.3. User certificate must be in "text" file with .pem extension and format.
22.214.171.124. You can make this file with some free software, like openssl
openssl pkcs12 -in mylocal.pfx -out mylocal.pem -nodes
2.1.4. Certificate should be made with the following properties:
Subj name – DNS server host name
Alternative name - no need
Must enable purpose: server authentication
Key type – "exchange" or "signature" (default is "exchange"). Exchange - means for data encryption
Key size: 2048
Algorythm: sha256 and hash sha256RSA
Private key must be exportable. Key (private) must be inside .pem with certificate
No limits for crypto-provider choice
2.1.5. You cannot use wildcard certificate. Use *.DomainName.local.