Manage Certificates

SSL Manager User Guide

SSL Manager Global Settings

The Global Settings section allows you to configure certificate expiration warning settings. These warnings take place whenever any user logs into the Mirth® Connect by NextGen Healthcare Administrator. Proactive, automatic alerts for certificate expiration/revocation are also available with the Advanced Alerting extension. For additional information, see Advanced Alerting - SSL Certificate Validation Trigger. Global Settings section for SSL Manager Login Warnings: If enabled, users will be warned upon login if any certificates are no longer valid (expired or revoked). Time Until Expiration: The minimum amount of time (for example, 7d) before a certificate expires to start warning users. If left blank, zero (0) will be assumed, meaning that users will only be warned when certificates actually reach their validity end dates. Upon logging into the Administrator, if any certificates are expired or are within the Time Until Expiration range, the user will be shown a window like this: Error

SSL Manager User Guide

Import a Public/Private Key Pair

This procedure is essentially the same as importing a public certificate, except that you can only import from a file. (See Import a Public Certificate) . On the right-hand side of the My Certificates area, select Import to open the Import Certificate window. Selecting the Browse Button the Import Certificate Window In the File field, select the Browse... button, and choose a certificate to import. In the Import column ( Import Certificate window - Web Server) , check the boxes of the certificates you want to import, then select the Import button to add the selected certificates to the My Certificates table. The certificate chain is added to the Certificates list. Double-click any of the newly added rows to view details about the alias and to edit the alias. Parent topic: Manage Certificates

SSL Manager User Guide

Import a Public Certificate

On the right-hand side of the Public Certificates table, select Import to open the Import Certificate window. Selecting Import on the Settings Window Select one of the following options to import certificates. Once you enter this information, the certificate chain is added to the Certificates list. Web Server: To pull certificates from an external web server, enter a URL in the https://field, then select the Get Certificates button. File: The File radio button and then the File: field's Browse… button and choose a certificate to import. In the Import column (Import Certificate window – Web Server), select the checkbox next to the certificates you want to import, then select Import. The selected certificates are added to the Public Certificates table. Double-click any of the newly added rows to view details about or edit the alias. Viewing Details for a Key Parent topic: Manage Certificates

SSL Manager User Guide

Create a New Public/Private Key Pair

On the SSL Manager tab, select the New button next to the My Certificates table to open the Generate New Keypair window. Opening the Generate New Keypair window Alias Area Enter the Certificate Alias for the new key pair. This field is required. Alias section with the Certificate Alias field Subject Area Enter the following information in the Subject area: Common Name: Enter the host name associated with the certificate. This is a required field. Organizational Unit: Organization: Country:, State:, Locality: Email:Subject area Validity Area Enter the valid dates for the new key pair: Valid From: Enter the date and time that the certificate becomes valid. Valid Until: Enter the date and time that the certificate validity ends. Validity area Key Generation Area Enter the key generation information: Algorithm: Select either RSA or DSA encryption. Key Size: Select either 2048 or 4096 from the pull-down menu. Signature Algorithm: Select a signature algorithm from the pull-down menu. Key Gen

SSL Manager User Guide

Manage Certificate Signing Requests (CSRs)

To generate a CSR for a self-signed key pair: Select a certificate from the My Certificates table. Select the table's Manager CSR button to open the Manage Certificate Signing Request window with the PEM-encoded version of the CSR. To export the CSR to a file if desired you will need to send the CSR to an external certificate authority (such as VeriSign or Entrust). The selected certification authority will return a CA (Certificate Authority) reply file, which you can add to the window by selecting the window's Import Reply button. Manage a Certificate Signing Request Parent topic: Manage Certificates

SSL Manager User Guide

Export Certificates

How to export certificates. In either the Public Certificates table or the My Certificate table, select a certificate and select the table's Export button to open the Export Keypair / Certificate window. Exporting a Certificate In the Export To field, enter a file name. In the Export Format field, select a format from the pull-down menu. If you are exporting a public/private key pair from the My Certificates list, you can include the private key and provide a password for the selected file. Select Export. Parent topic: Manage Certificates

Manage Certificates

Recommendations

SSL Manager Global Settings

Import a Public/Private Key Pair

Import a Public Certificate

Create a New Public/Private Key Pair

Manage Certificate Signing Requests (CSRs)

Export Certificates

SSL Manager Global Settings

Import a Public/Private Key Pair

Import a Public Certificate

Create a New Public/Private Key Pair

Manage Certificate Signing Requests (CSRs)

Export Certificates