Tutorial: Using SSL certificates with the NI Application Webserver

Updated Dec 18, 2019

Reported In

Software

  • LabVIEW

Issue Details

The NI Application Web Server interface provides a simple way to add a self-signed certificate for hosting encrypted websites. However, it is often necessary to use a certificate that has been signed by an external certificate authority (CA). This guide covers the steps for generating the certificate signing request (CSR) and private key, getting a matching certificate and key pair, and then using that pair to host a LabVIEW application with the NI Application Web Server.

Solution

Generating the Private Key and Certificate Signing Request (CSR)

There are several ways to generate a CSR. Here are the top 3.

NOTE: It is vital that you save a backup of your private key when you generate the CSR. If you get a signed certificate, but are missing the private key, you will not be able to use that signed certificate.

1. Using OpenSSL

OpenSSL is a free, open-source implementation of the SSL and TLS protocols. Many SSL-based tools (including some from NI) use OpenSSL as their starting point.

This article provides detailed steps for using OpenSSL to generate a CSR

We recommend using OpenSSL for any application that requires a lot of customizability and compatibility and will be hosted on the internet.

2. Using the NI Web Server Configuration

Go to the HTTPS tab and fill out the required information. The CSR and key will be saved under
C:\Program Files\National Instruments\Shared\Web Server\certs

3. Using the NI Application Server Web-Based Configuration

Go to the Open Certificate Signing requests folder and click on the symbol underneath. Once you fill out the form, it will install a certificate and private key under C:\ProgramData\National Instruments\certstore\open_csrs

Creating a Signed Certificate File

There are 2 main ways to generate a certificate from a CSR.

1. Self-Signed Certificate
This can be done using either OpenSSL or the NI Application Web-Based Configuration. Keep in mind that you have to use the software in which the original key and CSR were first generated. Also, most browsers will block secure connections to websites hosted with a self-signed certificate.

2. Using a Certificate Authority
A certificate authority is a 3rd party company that can verify the information in your CSR and generate a trusted certificate from it. This is the proper way to create a signed certificate for hosting applications on the web.

Installing the Signed Certificate Using the NI Application Web-Based Configuration Service

  • If you are using a self-signed certificate generated by the NI Application Web-based configuration, you can just select the Web-Based configuration and click Install Certificate…
  • Certificates and keys that were generated differently are a little trickier. The NI Application Web-Based Configuration does not have a native way to import keys and certificates. The easiest way to import an external certificate and key pair is the following:
      1. Create a new Self-Signed Certificate. It does not matter what information is entered.
      2. Replace the generated key and certificate with your external pair. Make sure you keep the same file names that were generated by the web service.
      3. The Self-Signed Certificate entry will now be linked to that external certificate and key pair.
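
As an added example (not NI's code and not part of the original article), the following shell functions cover generating the key and CSR with OpenSSL as in option 1 above, and confirming that a signed certificate belongs to your private key before you swap the pair in for the files the web service generated. The file names, the subject, and the choice of an unencrypted 2048-bit RSA key are assumptions.

```shell
#!/bin/sh
# Added example. File names and the subject string are placeholders (assumptions).

# Create a 2048-bit RSA key and a CSR.  $1=key file  $2=CSR file  $3=subject
# -nodes writes the key without a passphrase so this runs unattended (assumption);
# back up and protect that file: the signed certificate is useless without it.
make_key_and_csr() {
    ( umask 077   # private key readable only by its owner
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1" -out "$2" -subj "$3" ) >/dev/null 2>&1
}

# Public key (PEM) carried by a private key, a CSR, or a certificate.
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Returns 0 only if the certificate in $2 was issued for the private key in $1.
# Returns 2 if either file cannot be parsed, 1 on a mismatch.
pair_matches() {
    k=$(key_pubkey "$1") && c=$(cert_pubkey "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Returns 0 only if the CSR in $2 was generated from the private key in $1.
csr_matches() {
    k=$(key_pubkey "$1") && r=$(csr_pubkey "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$r" ]
}

# Pre-install check: the pair matches and the certificate has not expired.
# Prints a verdict and returns non-zero if the pair should not be installed.
preflight() {
    pair_matches "$1" "$2" || { echo "MISMATCH: $2 does not belong to $1"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "EXPIRED: $2"; return 1; }
    echo "OK: $2 matches $1"
}

# Usage (placeholder names):
#   make_key_and_csr server.key server.csr "/CN=labview.example.test"
#   ... send server.csr to the CA, receive server.crt ...
#   preflight server.key server.crt
```

Run `preflight` on the external pair before overwriting the generated files, so that a certificate issued for a different key is caught before the web server is pointed at it.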