HTTPS - Requirements for the SSL certificate
- Hendrik van der Tuin
Important notice:
Please note that Android has no support for internal certificates, this means that you cannot generate a certificate from an internal certificate server and use this for TEOS. This is because Android will not allow us to install any additional CA certificates, because of this the internal certificate will not be recognized by Android and all HTTPS requests will fail. This will impact the ability to display content on all Android devices.
From version 3.0 and above you will only need to have a certificate for <teosdomainname>, other sub domains will not be used anymore
Before you can generate your SSL Certificate, the certificate requester must create a Certificate Signing Request (CSR) for a domain name or hostname on your web server. The CSR is a standardized way to send the issuing Certificate Authority (CA) your public key, which is paired with a secret private key on the server, and provides relevant information about the requester as indicated below:
Common Name (CN): This is the Fully Qualified Domain Name (FQDN) of your server (i.e. www.pro.sony). The CN needs to match the TEOS domain name which you have used for your installation.
Organization Name (O): The legal name of your company/organization (i.e. Google, Inc.). Do not abbreviate your company name and it should include the corporate identifier such as Inc., Corp, or LLC (if applicable). For DV orders, you can use your personal name (i.e. John Doe).
Organization Unit (OU): The unit or division of the company/organization managing the certificate (i.e. IT Department).
Locality (L): The city that you are located in (i.e. Basingstoke)
State or Province Name (ST): The state or province in which you are located in (i.e. London)
Country (C): The country in which you are located in (i.e. United Kingtom or UK)
Email Address: An email address associated with the company (i.e. webmaster@sony.com)
Make sure the certificate is a multidomain or wildcard certificate to cover all the URL’s which TEOS uses.
If you request a wildcard certificate (*.<teosdomainname>.tld) please make sure the hostname (TEOS domain name which is entered into the browser for opening the TEOS web interface) is also included in the wildcard certificate. Some wildcards cover the hostname by default but this is not the case for all wildcard certificates.
If you choose to request a multi-domain certificate please make sure it covers the following hostnames:
<teosdomainname> |
app.<teosdomainname> |
backup.<teosdomainname> |
dataservice.<teosdomainname> |
designer.<teosdomainname> |
eventservice.<teosdomainname> |
fileprocessor.<teosdomainname> |
filesyncservice.<teosdomainname> |
googlecalendar.<teosdomainname> |
html.<teosdomainname> |
licenseservice.<teosdomainname> |
logging.<teosdomainname> |
meetingroom.<teosdomainname> |
office365.<teosdomainname> |
powerservice.<teosdomainname> |
presentationservice.<teosdomainname> |
proofofplay.<teosdomainname> |
sonysalesapp.<teosdomainname> |
statsservice.<teosdomainname> |
updateservice.<teosdomainname> |
vw.<teosdomainname> |
watcherservice.<teosdomainname> |
You can use the following link to download this manual as a PDF-file.
Related articles