Using a private certificate means that the system owner uses their own certificate instead of the BioStar 2 certificate for HTTPS communication. The system owner is therefore responsible for managing and renewing the certificate manually, following the instructions below:


The customer should provide the public certificate of the signing CA. Append it to the bottom of the biostar_cert certificate so that the system has a full chain. If intermediate signing certificates are used, insert them in order: biostar_cert > intermediate cert > CA cert


BioStar 2 does not support private certificates issued for a wildcard domain.
For example, if the private certificate is issued for a domain name that includes "*", such as *.supremainc.com, you cannot use it with BioStar 2. Please generate the certificate with a full domain name and then assign it to the BioStar 2 server as follows.


For BioStar 2.8.14 and above

Because of software changes in BioStar 2.8.14, BioStar 2 moved from Java to OpenJDK.


1. Run Command Prompt with administrator privileges.


1.1 Enter the command below to go to the OpenSSL program directory.

cd C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin



2. Create a p12 file from the private certificate's crt and key files with the command below:

openssl pkcs12 -export -in mycert.crt -inkey mycert.key -out biostar_cert.p12 -name "biostar"


* Replace mycert.crt and mycert.key with the file names of your private certificate.


For example, if you have a test.crt and a test.key file, use the command below.

openssl pkcs12 -export -in test.crt -inkey test.key -out biostar_cert.p12 -name "biostar"


The command creates the biostar_cert.p12 file.



[Reference]

[Note] OpenSSL is installed with BioStar 2 in the following directory: C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin

          The command shows an "Enter Export Password: " prompt, where you should enter the "PASSWORD" provided by the Suprema team.

[Note] For the password, please contact the Suprema Support Team.

[Important] If you are working with your own certificate, you should use your OWN certificate PASSWORD.


2.1 Go to C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin.


2.2 Rename the .key and .crt files to biostar_cert.key and biostar_cert.crt in C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin.



3. Copy the created '.p12', '.key', '.crt' files to C:\Program Files\BioStar 2(x64)\nginx\conf


[Note] AC uses the "*.p12" file, but TA uses "biostar_cert.key" and "biostar_cert.crt" directly.

           So the key and crt files used to create the "*.p12" file should be renamed to "biostar_cert" and should replace the original 'biostar_cert.key' and 'biostar_cert.crt' files.



4. Create a jks file with the Java keytool to apply the private certificate on the site.

[Caution] The password should be obtained from the Suprema Support Team.

keytool -importkeystore -srckeystore biostar_cert.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks



5. Stop the Core Web Server and BioStar 2 services in BioStar Setting.


6. Open C:\Program Files\BioStar 2(x64).


7. Back up the system.conf and setting.conf files.


8. Run command prompt with administrator privilege.


9. Type cd "C:\Program Files\BioStar 2(x64)"


10. Run the command below.

Java location: C:\Program Files\BioStar 2(x64)\jre\bin\
java -cp "C:\Program Files\BioStar 2(x64)\util";"C:\Program Files\BioStar 2(x64)\util\lib\google-collect-1.0.jar";"C:\Program Files\BioStar 2(x64)\util\lib\gson-2.8.2.jar" BioStarSetup "C:\Program Files\BioStar 2(x64)"


11. Restore the system.conf and setting.conf files to C:\Program Files\BioStar 2(x64).


12. Start the Core Web Server and BioStar 2 services in BioStar Setting.




For BioStar 2.6 and above

Because of software changes in BioStar 2.6, a Java key store has to be created for use with the Spring WebServer.


1. Run Command Prompt with administrator privileges.


1.1 Enter the command below to go to the OpenSSL program directory.

cd C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin



2. Create a p12 file from the private certificate's crt and key files with the command below:

openssl pkcs12 -export -in mycert.crt -inkey mycert.key -out biostar_cert.p12 -name "biostar"


* Replace mycert.crt and mycert.key with the file names of your private certificate.


For example, if you have a test.crt and a test.key file, use the command below.

openssl pkcs12 -export -in test.crt -inkey test.key -out biostar_cert.p12 -name "biostar"


The command creates the biostar_cert.p12 file.



[Reference]

[Note] OpenSSL is installed with BioStar 2 in the following directory: C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin

          The command shows an "Enter Export Password: " prompt, where you should enter the "PASSWORD" provided by the Suprema team.

[Note] For the password, please contact the Suprema Support Team.


2.1 Go to C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin.


2.2 Rename the .key and .crt files to biostar_cert.key and biostar_cert.crt in C:\Program Files\BioStar 2(x64)\ta\OpenSSL-Win32\bin.



3. Copy the created '.p12', '.key', '.crt' files to C:\Program Files\BioStar 2(x64)\nginx\conf


[Note] AC uses the "*.p12" file, but TA uses "biostar_cert.key" and "biostar_cert.crt" directly.

           So the key and crt files used to create the "*.p12" file should be renamed to "biostar_cert" and should replace the original 'biostar_cert.key' and 'biostar_cert.crt' files.



4. Create a jks file with the Java keytool to apply the private certificate on the site.

[Caution] The password should be obtained from the Suprema Support Team.

keytool -importkeystore -srckeystore biostar_cert.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks



5. Stop the Core Web Server and BioStar 2 services in BioStar Setting.


6. Open C:\Program Files\BioStar 2(x64).


7. Back up the system.conf and setting.conf files.


8. Run command prompt with administrator privilege.


9. Type cd "C:\Program Files\BioStar 2(x64)"


10. Run the command below.

java -cp "C:\Program Files\BioStar 2(x64)\util";"C:\Program Files\BioStar 2(x64)\util\lib\google-collect-1.0.jar";"C:\Program Files\BioStar 2(x64)\util\lib\gson-2.8.2.jar" BioStarSetup "C:\Program Files\BioStar 2(x64)"


11. Restore the system.conf and setting.conf files to C:\Program Files\BioStar 2(x64).


12. Start the Core Web Server and BioStar 2 services in BioStar Setting.
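
[Example] In either procedure above (2.8.14 and above, or 2.6 and above), the files copied in step 3 can be checked before the services are stopped in step 5: chain order, no wildcard name, and a .p12 that matches the .crt. The PowerShell script below is an added example, not part of BioStar 2 or Suprema's tooling; it assumes biostar_cert.crt is PEM-encoded, and the parameter names are chosen for this example.

```powershell
# Added example: checks the files copied to nginx\conf in step 3.
# -ConfDir and -P12Password are parameter names chosen for this example.
param(
    [string]$ConfDir = 'C:\Program Files\BioStar 2(x64)\nginx\conf',
    [Parameter(Mandatory)][securestring]$P12Password   # export password typed in step 2
)
$ErrorActionPreference = 'Stop'
$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$problems = @()

# Load every PEM block of biostar_cert.crt in file order (assumes PEM encoding).
$pem = Get-Content -Raw -Path (Join-Path $ConfDir 'biostar_cert.crt')
$chain = @([regex]::Matches($pem, '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') |
    ForEach-Object { $X509::new([Convert]::FromBase64String($_.Groups[1].Value)) })
if ($chain.Count -eq 0) { throw 'No PEM certificate found in biostar_cert.crt' }
$leaf = $chain[0]

# Expected order: biostar_cert > intermediate cert(s) > CA cert.
# This compares names only; it does not verify signatures.
for ($i = 0; $i -lt $chain.Count - 1; $i++) {
    if ($chain[$i].Issuer -ne $chain[$i + 1].Subject) {
        $problems += "Entry $($i + 2) is not the issuer of entry $($i + 1): chain is out of order"
    }
}
$last = $chain[-1]
if ($last.Issuer -ne $last.Subject) {
    $problems += 'Last entry is not a self-signed CA certificate: chain looks incomplete'
}

# BioStar 2 does not accept wildcard names: look in the subject and the SAN extension.
$san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = $leaf.Subject + ' ' + $(if ($san) { $san.Format($false) })
if ($names.Contains('*')) { $problems += "Leaf certificate has a wildcard name: $names" }
if ($leaf.NotAfter -lt (Get-Date)) { $problems += "Leaf certificate expired on $($leaf.NotAfter)" }

# The .p12 used by AC must hold the same leaf as the .crt used by TA, plus its private key.
$p12 = $X509::new((Join-Path $ConfDir 'biostar_cert.p12'), $P12Password)
if (-not $p12.HasPrivateKey) { $problems += 'biostar_cert.p12 contains no private key' }
if ($p12.Thumbprint -ne $leaf.Thumbprint) {
    $problems += 'biostar_cert.p12 and biostar_cert.crt hold different leaf certificates'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
"OK: $($chain.Count) certificate(s) in order; leaf $($leaf.Subject) expires $($leaf.NotAfter)"
```

Saved as a script file and run, it prompts for the export password and exits with code 1 when any check fails.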



For BioStar 2.5 and below 

Please refer to the attached PDF.