PC Client Map: Installing the Self-Signed Root Certificate
Due to changes in Google's JavaScript Map API, the PC Client will no longer show the map view within the application itself. Instead, the PC Client will launch the map in the user's default web browser.
The look and feel of the map remains largely identical to the prior in-app map view, except for a few necessary tweaks due to changes in the Google API and the new communication mechanism between the application and the browser window.
New Method
Starting in PC Client 16.0, instead of showing the map inside the PC Client app, the application launches the map in the user's default web browser. This requires a new local socket connection between the application and the map running in the browser. The orange arrow in the diagram below is the new local web socket.
The security of the new websocket must match the security used when fetching the static map content from the ESChat download site. Specifically, both must use SSL (https and wss) or neither may use SSL (http and ws). We have set the default within the application to be the insecure method, which requires nothing further from the user.
If the user or the user's organization requires the use of https on the outbound connection to the ESChat download site, the local web socket must also be secure. Since the Java application is the server for this socket, it must have an X.509 certificate that is verifiable by the browser.
For this setup, it is not possible to obtain a standard certificate verifiable by the default root certificates included in browsers. Thus, we have provided a self-signed root certificate that must be installed into the browser or OS.
Installing Provided Certificate
Please note that these steps are only possible for users with admin credentials to the PC.
Instructions for installing this self-signed root certificate on Windows are provided below.
- Navigate to C:\Program Files\ESChatPCClient\keys
- Right click on the root.crt file and click "Install Certificate".
- Click "Local Machine".
- Click on "Place all certificates in the following store".
- Click Browse and select "Trusted Root Certification Authorities".
- Click Finish.
- Run "certmgr.msc". You can enter this in the Start menu search bar.
- Click on "Trusted Root Certification Authorities" then "Certificates".
- Look for "eschat.com" and double click to open.
- Click on the Details tab and verify the Serial number matches 287aef8e2f80cd360cf834981de88a472c241aa2
- Run the PC Client.
- In Options, go to the Map Options tab and enable the "Use Secure Connection" option. Accept the changes.
- The web browser should reload the map to the https site.
Creating a Self-Signed Certificate
Please note that this section is not needed if the provided certificate is installed, as above.
If the provided self-signed certificate is not acceptable for some reason, the user or user organization can create their own self-signed certificate. Follow the instructions below to create a self-signed certificate. These instructions are written for OpenSSL 3.0.x.
Create root key and root certificate
- openssl genrsa -aes256 -out root.key 4096
  - The password can be anything.
- openssl req -x509 -new -nodes -key root.key -sha256 -days 1826 -out root.crt
  - Fill out the fields however you wish. This will be the Issuer info in the final certificate. Note the common name you use for later, e.g. eschat.com.
- openssl x509 -text -in root.crt
  - Get the Serial Number field for the verification step later.
Create local key and sign it with root certificate
- openssl req -new -nodes -out localhost.csr -newkey rsa:4096 -keyout localhost.key
  - Fill out the fields however you wish. However, the common name must be "localhost".
- Write the lines below into a file called "localhost.v3.ext"
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
Next:
openssl x509 -req -in localhost.csr -CA root.crt -CAkey root.key -CAcreateserial -out localhost.crt -days 730 -sha256 -extfile localhost.v3.ext
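The output of the signing step can be checked before the files are copied into the PC Client. The script below is an added example, not part of the ESChat instructions; it assumes a POSIX shell with openssl on the PATH and the file names used above, and check_localhost_cert is a name chosen here.

```shell
#!/bin/sh
# Added example (not vendor code): checks to run on the directory holding
# root.crt, localhost.crt and localhost.key before they go into the keys folder.
# Usage: check_localhost_cert [DIR]   (DIR defaults to the current directory)
check_localhost_cert() {
    dir="${1:-.}"; fail=0
    root="$dir/root.crt"; leaf="$dir/localhost.crt"; key="$dir/localhost.key"

    # 1. The leaf must chain to the root that will be trusted on the PC.
    if openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1; then
        echo "OK   localhost.crt verifies against root.crt"
    else
        echo "FAIL localhost.crt does not verify against root.crt"; fail=1
    fi

    text=$(openssl x509 -in "$leaf" -noout -text 2>/dev/null) || text=""

    # 2. Browsers match the host against subjectAltName, not the common name,
    #    so both entries from localhost.v3.ext must be present.
    for san in "DNS:localhost" "IP Address:127.0.0.1"; do
        if printf '%s\n' "$text" | grep -A1 "Subject Alternative Name" | grep -qF "$san"; then
            echo "OK   subjectAltName contains $san"
        else
            echo "FAIL subjectAltName is missing $san"; fail=1
        fi
    done

    # 3. The server certificate must not be usable as a CA.
    if printf '%s\n' "$text" | grep -A1 "Basic Constraints" | grep -q "CA:FALSE"; then
        echo "OK   basicConstraints is CA:FALSE"
    else
        echo "FAIL basicConstraints CA:FALSE not found"; fail=1
    fi

    # 4. localhost.key must be the private key for localhost.crt.
    cert_pub=$(openssl x509 -in "$leaf" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub="none"
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK   localhost.key matches localhost.crt"
    else
        echo "FAIL localhost.key does not match localhost.crt"; fail=1
    fi

    # 5. Print the root serial in lowercase hex for the certmgr.msc comparison.
    echo "root serial: $(openssl x509 -in "$root" -noout -serial 2>/dev/null | sed 's/^serial=//' | tr 'A-F' 'a-f')"
    return "$fail"
}
```

A non-zero return means at least one check failed; a missing subjectAltName usually points to a misspelled key in localhost.v3.ext.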
Install the certificate into the PC Client
Copy localhost.key, localhost.crt and root.crt into the keys folder in the PC Client install directory. Usually this is in C:\Program Files\ESChatDispatch.
Install and Trust the Root Certificate on the PC
- Navigate to C:\Program Files\ESChatDispatch\keys
- Right click on the root.crt file and click "Install Certificate".
- Click "Local Machine".
- Click on "Place all certificates in the following store".
- Click Browse and select "Trusted Root Certification Authorities".
- Click Finish.
- Run "certmgr.msc". You can enter this in the Start menu search bar.
- Click on "Trusted Root Certification Authorities" then "Certificates".
- Look for the common name you used, e.g. eschat.com, and double click to open.
- Click on the Details tab and verify the Serial number matches the one from step 3 above.