Self Signed import #94

Merged
merged 8 commits into from
Jan 24, 2024
Original file line number Diff line number Diff line change
Expand Up @@ -255,7 +255,7 @@ Ensure that the Application Services are healthy by following these steps:
1. Log on to one of the Application Servers and open a web browser.
1. Navigate to `https://app-server.domain.com:9080/Explorer`, where `app-server.domain.com` is the fully qualified domain name of any Application Server. Replace `9080` with new `httpGatewayEndpointPort` value if it was changed during configuration.

If page access is denied it may be necessary to import the server certificate used in installation to the Current User certificate store (usually achieved by double clicking on it and following the wizard). If using self-signed certificates, the certificate can be retrieved by using the `Manage Computer Certificates` tool in Windows to export the CortexServerCertificate from the `Personal` store and then importing it to the Current User store by double-clicking on it and following the wizard. The browser may need to be restarted before the site can be accessed
If page access is denied it may be necessary to import the server certificate used in installation to the Current User certificate store (usually achieved by double clicking on it and following the wizard). If using self-signed certificates, the certificate can be retrieved by using the `Manage Computer Certificates` tool in Windows to export the `CortexServerCertificate` from the `Personal` store as a pfx file and then importing it to the `Current User` store by double-clicking on it and following the wizard. The certificate must also be imported to `Trusted Root Certification Authorities` in the `Local Computer` store. The browser may need to be restarted before the site can be accessed.

The screen should resemble that in the following figure, all services should have `Health State = OK` and `Status = Active`. All instances below the service should have Health State = OK and Status = Ready.
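Review bot: the added last sentence ("The certificate must also be imported to `Trusted Root Certification Authorities`...") does not say which certificate or which file, and read in sequence it means the pfx export of `CortexServerCertificate`, which carries the private key. Trust only needs the public certificate, and the self-signed instructions changed elsewhere in this PR create a separate root (`Cortex CA`, `cortexCA.pem`) that signs the server certificate. Please name the file that goes into the root store, and if it is the server certificate, say that it should be exported without the private key for that step. The new text also writes "pfx" where the neighbouring pages write ".PFX".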

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
1. Log on to one of the Application Servers.
1. Import the client certificate, used in the `ClientCertificatePath` parameter of the [Configure Installation Script][] section, to your Current User certificate store. This can be achieved by double-clicking on the client certificate .PFX file and following the wizard.

If using self-signed certificates, the certificate can be retrieved by using the `Manage Computer Certificates` tool in Windows to export the `CortexServerCertificate` from the `Personal` store and then importing it to the `Current User` store by double-clicking on it and following the wizard.
If using self-signed certificates, the certificate can be retrieved by using the `Manage Computer Certificates` tool in Windows to export the `CortexServerCertificate` from the `Personal` store as a pfx file and then importing it to the `Current User` store by double-clicking on it and following the wizard. The certificate must also be imported to `Trusted Root Certification Authorities` in the `Local Computer` store.
1. Open a web browser.
1. Navigate to `https://app-server.domain.com:9080/Explorer`, where `app-server.domain.com` is the fully qualified domain name of any Application Server. Replace `9080` with new `httpGatewayEndpointPort` value if it was changed during configuration.
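Review bot: step 2 is about the client certificate from `ClientCertificatePath`, but the self-signed paragraph that follows it tells the reader to export `CortexServerCertificate`. As written it is not clear whether the server certificate stands in for the client certificate in a self-signed installation or whether a different certificate is meant. Suggest opening the paragraph with that statement explicitly, for example "If using self-signed certificates, the server certificate is also used as the client certificate; it can be retrieved by...", or naming the correct certificate if that is not the case.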

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
1. Log on to the server.
1. Import the certificate, used in the `ServerCertificatePath` parameter of the [Configure Installation Script][] section, to your `Current User` certificate store. This can be achieved by double-clicking on the certificate .PFX file and following the wizard.

If using self-signed certificates, the certificate can be retrieved by using the `Manage Computer Certificates` tool in Windows to export the `CortexServerCertificate` from the `Personal` store and then importing it to the `Current User` store by double-clicking on it and following the wizard.
If using self-signed certificates, the certificate can be retrieved by using the `Manage Computer Certificates` tool in Windows to export the `CortexServerCertificate` from the `Personal` store as a pfx file and then importing it to the `Current User` store by double-clicking on it and following the wizard. The certificate must also be imported to `Trusted Root Certification Authorities` in the `Local Computer` store.
1. Open a web browser.
1. Navigate to `https://server.domain.com:9080/Explorer`, where `server.domain.com` is the fully qualified domain name of the server. Replace `9080` with new `httpGatewayEndpointPort` value if it was changed during configuration.
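Review bot: the added sentence about `Trusted Root Certification Authorities` in the `Local Computer` store gives no procedure, while the sentence before it relies on double-clicking and following the wizard, which the text associates with the `Current User` store. Spell out the extra choices the reader has to make for the second import (store location and target store). The same two sentences are now pasted into three pages in this PR; a shared include would keep them from drifting.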

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
localityName_default = Southampton
0.organizationName_default = Cortex Ltd
organizationalUnitName_default = We Are CORTEX
commonName_default = Cortex CA
emailAddress_default = [email protected]
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
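Review bot: with `commonName_default = Cortex CA` added below the fixed locality, organisation and unit defaults, every installation that accepts the defaults produces a root with an identical subject, so two such roots cannot be told apart by name once they sit in a certificate store. Consider recommending a site-specific Common Name, or add a line telling the reader to identify the root by thumbprint.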
Expand All @@ -102,7 +103,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
openssl req -sha256 -x509 -new -nodes -key cortexCA.key -days 3650 -out cortexCA.pem -config ca.cnf
```

1. Press `Enter` for all parameters except the Common Name. For this enter `CortexServerCertificate`.
1. Press `Enter` for all parameters except the Common Name. For this enter `Cortex CA`.

1. Package your public and private key in a pkcs12 encrypted file (to install with certmgr on windows) by running the following command:
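Review bot: the changed step still reads "Press `Enter` for all parameters except the Common Name. For this enter `Cortex CA`", but the previous hunk makes `Cortex CA` the default, so there is nothing left to type. Align it with the wording used for the server request later in this file: "Press `Enter` for everything. The Common Name must stay as `Cortex CA`."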

Expand Down Expand Up @@ -180,6 +181,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
localityName_default = Southampton
0.organizationName_default = Cortex Ltd
organizationalUnitName_default = We Are CORTEX
commonName_default = CortexServerCertificate
emailAddress_default = [email protected]
[ v3_req ]
basicConstraints = CA:FALSE
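Review bot: `commonName_default = CortexServerCertificate` is now a value other pages depend on, since the installation pages in this PR tell the reader to find and export `CortexServerCertificate` by that name. Add a comment above the line in `san.cnf` saying the name must not be changed and why, and that the names clients connect with belong in `[ alt_names ]`, not in the Common Name.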
Expand All @@ -188,7 +190,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
[ alt_names ]
# Specify all DNS and/or IP addresses that clients can use to access the secured resource.
DNS.1 = MACHINE-NAME
DNS.2 = FULLY QUALIFIED MACHINE NAME
DNS.2 = FULLY QUALIFIED MACHINE NAME / WILDCARD DOMAIN NAME
DNS.3 = localhost
IP.1 = IP ADDRESS
IP.2 = 127.0.0.1
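Review bot: `DNS.2 = FULLY QUALIFIED MACHINE NAME / WILDCARD DOMAIN NAME` puts two alternatives on one value line, and a reader filling in the template can end up with a literal slash or both names in a single entry. Keep the placeholder as one value and move the alternative into the comment above, for example "# DNS.2 may instead be a wildcard such as *.domain.com". It is also worth one sentence on the trade-off: a wildcard entry makes the certificate valid for every host directly under that domain, not only this server.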
Expand All @@ -199,7 +201,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
| Resource URL | Configuration to add |
|---------------------------------------|-----------------------------------|
| `https://wearecortex.com/gateway` | `DNS.1 = wearecortex.com` |
| `https://internal.wearecortex.com/gateway` | `DNS.2 = internal.wearecortex.com` |
| `https://internal.wearecortex.com/gateway` | `DNS.2 = internal.wearecortex.com` <br> `or` <br> `DNS.2 = *.wearecortex.com` |
| `https://10.0.0.0/gateway` | `IP.1 = 10.0.0.0` |
| `https://192.168.1.100/gateway` | `IP.2 = 192.168.1.100` |
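Review bot: in the changed `internal.wearecortex.com` row the word `or` is wrapped in backticks, so it renders as if it were configuration to paste; make it plain text between the two code spans. The row should also say that `*.wearecortex.com` matches a single label only, which is why the first row still needs its own `DNS.1 = wearecortex.com` entry.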

Expand All @@ -210,7 +212,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
openssl req -new -sha256 -key cortex.key -out cortex.req -extensions v3_req -config san.cnf
```

1. Press `Enter` for everything except the Common Name. For this enter `Cortex`.
1. Press `Enter` for everything. The Common Name must stay as `CortexServerCertificate`.
1. Sign the request with a previously generated root CA by running the following command:

```powershell
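Review bot: "The Common Name must stay as `CortexServerCertificate`" states a requirement without the reason. Add that the installation steps locate the certificate by this name, so the reader understands what breaks if the value is changed at the prompt.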
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
localityName_default = Southampton
0.organizationName_default = Cortex Ltd
organizationalUnitName_default = We Are CORTEX
commonName_default = Cortex CA
emailAddress_default = [email protected]
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
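Review bot: this file receives the same hunks as the previous one, line for line, with only the later offsets shifted. Two hand-maintained copies of the OpenSSL configuration and steps will drift; consider moving the shared part into a single include that both pages reference.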
Expand All @@ -102,7 +103,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
openssl req -sha256 -x509 -new -nodes -key cortexCA.key -days 3650 -out cortexCA.pem -config ca.cnf
```

1. Press `Enter` for all parameters except the Common Name. For this enter `CortexServerCertificate`.
1. Press `Enter` for all parameters except the Common Name. For this enter `Cortex CA`.

1. Package your public and private key in a pkcs12 encrypted file (to install with certmgr on windows) by running the following command:
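Review bot: the step kept as context after the changed line packages the CA's public and private key into a pkcs12 file "to install with certmgr on windows". Now that the installation pages in this PR ask for a certificate to be placed in `Trusted Root Certification Authorities`, the doc should say that only the public `cortexCA.pem` is needed for trust, and give guidance on where `cortexCA.key` and the pkcs12 file are kept afterwards, since whoever holds that key can issue certificates the machine will trust for the 3650 days set in the command above.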

Expand Down Expand Up @@ -177,6 +178,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
localityName_default = Southampton
0.organizationName_default = Cortex Ltd
organizationalUnitName_default = We Are CORTEX
commonName_default = CortexServerCertificate
emailAddress_default = [email protected]
[ v3_req ]
basicConstraints = CA:FALSE
Expand All @@ -185,7 +187,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
[ alt_names ]
# Specify all DNS and/or IP addresses that clients can use to access the secured resource.
DNS.1 = MACHINE-NAME
DNS.2 = FULLY QUALIFIED MACHINE NAME
DNS.2 = FULLY QUALIFIED MACHINE NAME / WILDCARD DOMAIN NAME
DNS.3 = localhost
IP.1 = IP ADDRESS
IP.2 = 127.0.0.1
Expand All @@ -196,7 +198,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
| Resource URL | Configuration to add |
|---------------------------------------|-----------------------------------|
| `https://wearecortex.com/gateway` | `DNS.1 = wearecortex.com` |
| `https://internal.wearecortex.com/gateway` | `DNS.2 = internal.wearecortex.com` |
| `https://internal.wearecortex.com/gateway` | `DNS.2 = internal.wearecortex.com` <br> `or` <br> `DNS.2 = *.wearecortex.com` |
| `https://10.0.0.0/gateway` | `IP.1 = 10.0.0.0` |
| `https://192.168.1.100/gateway` | `IP.2 = 192.168.1.100` |

Expand All @@ -207,7 +209,7 @@ Self-signed certificates should be generated using OpenSSL which is bundled in t
openssl req -new -sha256 -key cortex.key -out cortex.req -extensions v3_req -config san.cnf
```

1. Press `Enter` for everything except the Common Name. For this enter `Cortex`.
1. Press `Enter` for everything. The Common Name must stay as `CortexServerCertificate`.
1. Sign the request with a previously generated Root CA by running the following command:

```powershell
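Review bot: the signing step after the changed line says "Root CA" here and "root CA" in the other copy of this page. Pick one capitalisation while both files are being touched.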
Expand Down