How to obtain and install an SSL certificate for Guard1 Real Time

Published: 2020-08-24


Last Updated: 2020-08-24



Applies To



Why You Need an SSL Certificate

An SSL certificate is required to enable secure communication between the Guard1 mobile devices and the Guard1 server. The Android operating system on the mobile device contains a master list of Trusted Root Certificates from the major certificate providers. Your certificate should be issued by one of these providers.


If you are unable to obtain a trusted third-party certificate for your on-premises Guard1 server, your Guard1 Account Manager can discuss the option of a hosted system.


Your Guard1 system also requires that you have a public Fully Qualified Domain Name (FQDN). If your Guard1 server’s FQDN is not public, you may work around this by creating a Forward Lookup Zone for your public domain on your internal DNS server and adding a DNS alias. This is often referred to as Split DNS.  See Step 1 below.


If you are unable to provide a public FQDN for your Guard1 server, ask your Guard1 sales team about a hosted Guard1 Real Time system instead.



Step 1 (optional): Create Split DNS

If you need Split DNS, follow the directions below. If not, skip to Step 2: Create a Certificate Request File.


  1. In your DNS Microsoft Management Console (MMC), right-click on your DNS server's name and select New Zone...

  1. In the New Zone Wizard, click Next.
  2. Leave the default Primary zone selected and unselect Store the zone in Active Directory.
  3. Click Next.
  4. Select Forward lookup zone and click Next.
  5. In the Zone name field enter your public Domain Name, then click Next.

  1. On the Zone File page, leave the default options selected and click Next.
  2. On the Dynamic Update page select Do not allow dynamic updates, then click Next.
  3. Click Finish. Your newly created zone will appear under Forward Lookup Zones in the DNS MMC.
  4. Right-click on the new zone and select New Alias (CNAME)....
    1. In the Alias name field, enter your Guard1 server's internal FQDN.
    2. In the Fully qualified domain name (FQDN) field, enter your Guard1 server's public FQDN.
    3. Click OK.


You will use the new Guard1 server public FQDN alias you just created for your certificate request.



Step 2: Create a Certificate Request File

  1. On your Guard1 server, click Start > Run (or press WIN+R) to open the Run dialog.
  2. Type MMC and press Enter.  The Microsoft Management Console will open.
  3. Click File > Add/Remove Snap-in... (or press CTRL+M).
  4. In the Available snap-ins list on the left, double-click Certificates.
  5. Select Computer Account, then click Next.
  6. Select Local Computer and click Finish.
  7. Click OK.
  8. In the left pane, double-click Certificates (local computer).
  9. Right-click the Personal folder and select All Tasks > Advanced Operations > Create Custom Request.
  10. Click Next.
  11. Select the option Proceed without enrollment policy, then click Next.
  12. In the Template dropdown, select (No Template) Legacy Key, then select PKCS #10 as the Request format.
  13. Click Next.
  14. Expand the Details section by clicking the down arrow, then click Properties.

  1. On the General tab:
    1. In the Friendly name and Description fields, enter the Guard1 server's public FQDN.
  2. On the Subject tab:
    1. In the Subject name section, select Common name in the Type dropdown.
    2. Enter the Guard1 server's public FQDN in the Value field, then click the Add> button.
    3. In the Alternative name section, select DNS in the Type dropdown.
    4. Enter the Guard1 server's public FQDN in the Value field, then click the Add> button.
    5. Click Apply.
  3. On the Private Key tab:
    1. Click the down arrow for the Key options section.
    2. Set the Key size to 2048.
    3. Check the Make private key exportable box.
    4. Click OK.
  4. In the Certificate Enrollment window, click Next.
  5. Click the Browse... button. Select a location to save the request file, then enter the desired file name in the File name field and click OK.
  6. Select the Base 64 file format, then click Finish.  Your certificate request file is now ready.


If you open the file with Notepad it will look like this:


You are now ready to purchase your certificate and provide the request file to the certificate provider.



Step 3: Purchase an SSL Certificate

Using the trusted third-party certificate authority of your choice, purchase a server certificate. This can be a single host, UCC/SAN, or wildcard SSL certificate.



Step 4: Submit the Certificate Request File

The process will vary depending on your certificate provider. Once completed you will receive a .CRT file from your certificate provider.



Step 5: Import the Certificate

  1. On your Guard1 server, follow steps 1-8 of Step 2: Create a Certificate Request File.
  2. In the left pane, right-click the Personal folder and select All Tasks > Import...
  3. At the Welcome to the Certificate Import Wizard window, click Next.
  4. Click Browse... and select the .CRT file you received from your certification provider. Click Open.
  5. Click Next.
  6. Select Place all certificates in the following store.
  7. Verify that Personal is entered in the Certificate Store field, then click Next.
  8. Click Finish, then click OK for The import was successful window.
  9. Close the Management Console.


Your new certificate is now ready for use.