Users who connect to BioStar 2 through a custom HTTPS domain instead of an IP address cannot use the default certificate provided with the BioStar 2 software, because the software provides an IP-based HTTPS certificate.

> The default certificate is embedded in the BioStar 2 installation file.


This article is for users who have personally created or obtained 3rd-party private certificates for BioStar 2:
- Re-created a certificate using the BioStar 2 software
- Created a certificate using OpenSSL
- Obtained from private certificate companies
- Obtained from public certificate companies


You may face the issues below if the certificate has not been bundled properly and applied correctly to BioStar 2, or if the certificate does not match the Java KeyStore:

  • Cannot reset or save [Device Group List]
  • Cannot reset or save [Device List]
  • Cannot reset or save [Access Level Door List]
  • Cannot reset or save [Elevator Group List]
  • Cannot reset or save [User Group List]
  • Cannot reset or save [User ID]
  • Cannot call [User ID Sync]
  • Cannot reset or save [User ID & Email]
  • Cannot call Active Directory, which causes [Automatic Log Out]

If you are facing the above issues, first check your BioStar 2 certificates.


Check Point 1. File size of your certificate located in C:\Program Files → BioStar 2(x64) → nginx → conf


As shown in this image, the folder contains a [key file], a [crt file] and an incorrectly combined [p12 file].

The size of a properly bundled certificate [crt file] must be greater than the size of the [p12 file].


Check Point 2. Validity of the certificate


  1. Open your crt file using [Crypto Shell Extensions]

       b. Go to [Certification Path] to export the certificates so that they can be re-bundled properly

       c. Click on [Second stack certificate] and click [View Certificate]

       d. Export the file in [Base-64 encoded X.509 (.CER)]

           > Since BioStar 2 and P12 files use Base-64, the format MUST be Base-64

       e. Keep a separate folder for the newly bundled/created certificate; the file name can be the user's preference

       f. Repeat the same process for [Root Certificate CA]

       g. Now the separate folder for the newly bundled/created certificate must contain:

  • biostar_cert.key 
  • biostar_cert.p12 (incorrect certificate file)
  • biostar_cert.crt
  • Newly exported second stack certificate file [name.cer] 
  • Newly exported Root CA [name.cer]

       h. Download XCA Program

       i. Run XCA Program → File → New Database → Select the folder created solely for newly bundled/created certificate  

           Note: A password is not mandatory, but adding one is recommended

       j. Click Import → select the files below from the folder created solely for the newly bundled/created certificate:

1. biostar_cert.crt

2. Newly exported second stack certificate file [name.cer]

3. Newly exported Root CA [name.cer]

       k. After importing the files, check that the certificates are stacked in three (some certificates could have more than three)

l. Select all three files and then click → Export 

Caution: File name must be biostar_cert, file format must be PEM chain (*.pem)


j. Import the cert.key file into [Private Keys]

k. Check the availability of the private key and the validity of the cert.key against the newly made bundled certificate


l. After checking the validity of the cert.key → go back to [Private Keys] → export the key. This newly made cert.key will be the new key for the newly bundled certificates

Caution: File name must be biostar_cert_key, file format must be PEM private (*.pem)


j. Go back to Certificates → click ONLY on the lowest stack and export the file


Caution: File name must be biostar_cert_new, file format must be PKCS#12 (*.pfx) or PKCS#12 (*.p12)
Create a password of your choice


k. Install KeyStore Explorer to combine/bundle newly made certificates correctly 

l. Open Key Store → Create a new Key Store → JKS → import the original biostar_cert.p12 (incorrect certificate file)


 

Contact your designated Suprema tech support or create a new ticket to receive the password for the original biostar_cert.p12

m. Click on [Import Key Pair] → PKCS#12 → import the newly made biostar_cert.p12

Caution: Import → Alias name must be biostar

Enter a new password of your choice → click OK

n. Save the newly created key pair


Caution: File name must be keystore.jks, file format must be KeyStoreFiles


o. Go to BioStar 2 File → nginx → conf

> Make a backup file before applying the new combined/bundled certificates


p. The final set of newly combined/bundled certificates, located in BioStar 2 File → nginx → conf, must be as below

Bundled/combined certificate names must be:
- biostar_cert.crt (biostar_cert.pem, PEM chain type (*.pem))
- biostar_cert.p12 (newly created PKCS#12 (*.pfx) or PKCS#12 (*.p12))
- biostar_cert.key (biostar_cert_key (*.pem))
- keystore.jks
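
A pre-flight check for the final folder layout in step p and for Check Point 1, added here as an example and not part of BioStar 2 or Suprema's tooling. It inspects only file names, PEM armor, certificate count, file sizes and the JKS header (it does not verify signatures or that the key matches the certificate); the function names and the sample files, which hold placeholder bytes, are constructed for illustration.

```python
import base64, re, tempfile
from pathlib import Path
NAMES = ["biostar_cert.crt", "biostar_cert.p12", "biostar_cert.key", "keystore.jks"]
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of a JKS keystore

def pem_blocks(path):
    """Return (label, decoded bytes) for each Base-64 PEM block in a file."""
    text = path.read_bytes().decode("latin-1")
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM.findall(text)]

def check_conf(conf_dir):
    """List the problems found in a copy of the BioStar 2 nginx conf folder."""
    conf = Path(conf_dir)
    missing = [n for n in NAMES if not (conf / n).is_file()]
    if missing:
        return ["missing file: " + n for n in missing]
    crt, p12, key, jks = (conf / n for n in NAMES)
    problems = []
    certs = [der for label, der in pem_blocks(crt) if label == "CERTIFICATE"]
    if len(certs) < 3:  # server + second stack + root, as in step k
        problems.append(f"chain holds {len(certs)} certificate(s), expected at least 3")
    if len(set(certs)) != len(certs):
        problems.append("chain contains the same certificate twice")
    if crt.stat().st_size <= p12.stat().st_size:  # Check Point 1
        problems.append("biostar_cert.crt is not larger than biostar_cert.p12")
    if not any(label.endswith("PRIVATE KEY") for label, _ in pem_blocks(key)):
        problems.append("biostar_cert.key is not a PEM private key")
    if jks.read_bytes()[:4] != JKS_MAGIC:
        problems.append("keystore.jks is not in JKS format")
    return problems

def armor(label, payload):  # PEM-wrap bytes; used only to build the sample
    return f"-----BEGIN {label}-----\n{base64.encodebytes(payload).decode()}-----END {label}-----\n"

def write_sample(folder, cert_count):
    """Constructed sample: placeholder bytes, not real certificates or keys."""
    d = Path(folder)
    chain = "".join(armor("CERTIFICATE", bytes([i]) * 900) for i in range(cert_count))
    (d / "biostar_cert.crt").write_text(chain)
    (d / "biostar_cert.key").write_text(armor("PRIVATE KEY", b"\x01" * 600))
    (d / "biostar_cert.p12").write_bytes(b"\x30" + b"\x00" * 2400)
    (d / "keystore.jks").write_bytes(JKS_MAGIC + b"\x00" * 64)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp, cert_count=1)  # server certificate only, no chain
        print(check_conf(tmp))
```

Run `check_conf` against a copy of the conf folder rather than the live one; an empty list means the layout checks passed.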