KBI 312189 How To Install Commercial Certificate For Argent Omega


Argent Omega – All Versions


Thursday, 27 June 2024


Argent Omega uses self-signed certificate by default. Certificate is used in two areas:

  1. Communication between Generators, especially remote Secondary Generators and Offload Generators.
  2. Argent Web Reverse Proxy Service

Though self-signed certificates are safe enough for most internal usage cases, customers might want to use commercial certificates instead.

A commercial certificate is usually provided as password protected PFX file. However, it must be converted to one public key .crt) file and one private key (*.key) before being used in Argent Omega.

The conversion requires the OPENSSL package, which is available out-of-box for various Linux distributions. The easiest way for most Windows users is to use WSL (Windows Subsystem for Linux) on Windows 10 or 11.

  1. Run ‘WSL –install’ on Windows 10 or 11 if WSL is not installed yet. Reboot is required after installation.
  2. Copy PFX to Linux tmp folder.

  3. Open Terminal session and change to /tmp.

  4. Run command to export public key file.

    openssl pkcs12 -in {your_certificate}.pfx -nokeys -out {your_certificate}.crt

    Note: Replace with appropriate file names in the commands.
  5. Run command to export private key file

    openssl pkcs12 -in {your_certificate}.pfx -nocerts -out {your_certificate}.key -nodes
  6. Copy both public key file (*.crt) and private key file (*.key) to folder

    \Argent\ArgentOmega\CERT at Primary Generator machine.

Now it is time to update Argent Omega configuration files to use the commercial certificate.



Note: Remember to restart Argent Omega services at Primary Generator to allow new configurations to take effect.

Technical Background



Upgrade to Argent Omega 2.2A-2404-B or later.