SWIM Demo Server-Certificates-Configuring SSL certificates in browsers
SWIM Weather Public Demonstration > SWIM Demo Server-Working with Certificates >

Configuring SSL certificates in browsers

For endpoints which require SSL client certificates for connection, setup is required for proper access.

In general, there are 3 main prerequisites which need to be completed by the client:

  • Clients need to obtain valid Client certficate in order to be able to access the service
  • Browser needs to trust SSL certificate of the server it is connecting to.
  • When Accessing service through browser, certificate needs to be imported there in order to be used for authentication

Table of contents:

How to apply for an SSL client certificate for testing

Both AMQP and EDR services are available through endpoints, which allow connections with SSL client certificates. In order to be able to use these services, you have two options:

  1. Authenticate with HARICA SSL certificate - service supports client certificates issued by HARICA.
    • In order to be able to authenticate with your HARICA client certificate, please write an email to swim@iblsoft.com and provide your email as displayed in your SSL client certificate.
    • After we allow certificate with your email address in the service configuration, you should be able to access the service.
  2. If you do not have a client certificate issued by HARICA yet, you can alternatively connect to the service using SSL with a test certificate produced by IBL.
    • Please write an e-mail to swim@iblsoft.com with information which will be used for certificate generation:
      • Your organisation name
      • A contact e-mail address.

We will provide you with the client certificate and related private key, signed by IBL, for testing purposes.

How to trust server's certificate in browsers on Linux

EDR Service is secured by testing certificate issued by Harica within Harica's testing environment. By default, Root Certificate Authority from this testing environment is not well known (meaning it does not appear among certificates installed by default in major OS). This results in security warnings issued by browsers, if you try to connect to a service secured by certificate issued by this Certificate Authority.

In order for this certificate to be trusted by your browser, you need to import Harica root certificate to your browser. Download Harica root certificate from https://repo-stg.harica.gr/certs/HARICA-TLS-Root-2021-RSA.cer


Hint

If the above download link for the Harica staging root certificate displays a security error in your browser, you can download a copy from us:


Firefox

  1. Open browser and go to settings. Under "Privacy and Security", look for "Certificates". Click "View certificates" button.


  2. In the window, go to "Authorities" tab and select "Import"

  3. Find downloaded certificate and select it. Window will popup, where you should tick "Trust this CA to indentify websites". Click OK.
  4. You should now see imported CA among authorities:

Google Chrome

  1. Open browser and go to settings

  2. Under "Privacy and Security", look for "Security". Underneath, click "Manage Certificates" option.

  3. Select "Local certificates" section from the left menu. "Custom" section should appear now, select it.

  4. You should now see "Trusted Certificates" category, it should be empty unless you imported another certificate previously. Click the "Import" button.

  5. Select the downloaded root certificate.
  6. You should now see imported certificate among trusted certificates.

How to connect with a HARICA-issued certificate in browser on Linux

For testing EDR requests from a web browser, your need to add your client certificate into the browser.

Firefox

  1. Open browser and go to settings. Under "Privacy and Security", look for "Certificates". Click "View certificates" button.


  2. In "Your Certificates" tab, click Import.

  3. Find your client certificate in PKCS 12 (.p12) format. Select it.
  4. Once the certficate is imported, you should see it among "Your certificates"

  5. Now, when accessing the website which requires certificate for authentication, you should be prompted to select certificate. Select your imported certificate and click OK.

  6. After the selection, access to the service should work properly.

Google Chrome

  1. Open browser and go to settings

  2. Under "Privacy and Security", look for "Security". Underneath, click "Manage Certificates" option.

  3. Select "Your certificates" section from the left menu. You should see imported certificates, click this button.



  4. Click import button from the next menu



  5. Select certificate you want to import. If you are prompted for password, type in the password of the certificate.

  6. Once the certificate is imported, you should see it among client certficates.

  7. Now you should be prompted with option to select the client certificate when accessing the website

How to trust server's certificate on Windows

  1. Add HARICA root certificate in certmgr (Manage user certificates)
  2. Click on Trusted Root Certification Authorities
  3. Right click on Trusted Root Certification Authorities > All tasks > Import
  4. Click Next
  5. Pick HARICA-xxx.cer
  6. Select Automatically select the certificate store based on type of certificate
  7. Click Finish

How to connect with a HARICA-issued certificate in browser on Windows

  1. Add client certificate
  2. Right click on Personal > Authorities > All tasks > Import
  3. Select .p12 file
  4. Enter password
  5. Select Automatically select the certificate store based on type of certificate
  6. Click Finish
  7. Restart browser (on Chrome it is chrome://restart)
  8. To check on Chrome, go to Privacy and security > Security > Manage certificates
  9. In Custom, there should be HARICA root certificate
  10. In Your certificates, there should be the client certificate under View imported certificates from Windows