1. Common

1.1. Most modern UCS softwares use certificates for SSL connections.

1.2. Certificates are made for each network host (server) separately.

1.3. Those certificated network hosts belong to their owners (dealers, customers), who should get their own certificates.

1.4. There are plenty of  different companies, which sell internet-identification and encryption in this world.

1.5. You are able to purchase valid certificate from globally-trusted authority or make your own (free), even self-signed.

1.6. There are some public services exist, which can make you free trusted certificates (search online).

1.7. You can manage your certificates with some personal software, including modifications and change format.

1.7.1. Try free https://www.openssl.org/ tools. There are builds for Windows OS http://slproweb.com/products/Win32OpenSSL.html exist.

2. RK7

2.1. Web interface

2.1.1. There is preset self-signed certificate for RK7 web interface (valid for host name rk7.local) located in \BASE\httpKeys\ and \BaseData\httpKeys\ folders. Default filename is default.pem.
2.1.2. User (dealer) own cerificate must be put to same folder (as preset) and it should be named  mylocal.pem You need to restart server to enable new certificate.

2.1.3. User certificate must be in "text" file with .pem extension and format. You can make this file with some free software, like openssl

openssl pkcs12 -in mylocal.pfx -out mylocal.pem -nodes

2.1.4. Certificate should be made with the following properties:

  1. Subj name – DNS server host name

  2. Alternative name - no need

  3. Must enable purpose: server authentication

  4. Key type – "exchange" or "signature" (default is "exchange"). Exchange - means for data encryption

  5. Key size: 2048

  6. Algorythm: sha256 and hash sha256RSA

  7. Private key must be exportable. Key (private) must be inside .pem with certificate

  8. No limits for crypto-provider choice

2.1.5. You cannot use wildcard certificate. Use *.DomainName.local.