Certificate for MemoQ Server

Hi, This is a question about how to get a LE cert for a server.

MemoQ is a translation environment software with its own server hosted on a Windows PC on a small LAN and a number of clients, some of which are off-site and accessed over the internet.

We need to install an X509 certificate with server authentication (1.3.6.1.5.5.7.3.1) to implement TLS. MemoQ server provides a way to install the certificate:

"If you are using memoQ 2013 or higher with memoQ server 2013 or higher, you can configure memoQ server to use a TLS encrypted communications channel, to ensure the security of the data transmitted between the server and memoQ clients. If you are using memoQ 2015 or higher with memoQ server 2015 or higher you have the choice either to use TLS or HTTPS to encrypt data transferred.

To use TLS or HTTPS you need to obtain an X.509 certificate from a certification authority. You can either purchase a certificate from a public certification provider, or, if you have an internal certification authority, you can issue a certificate using your internal certification authority, as long as all the Windows client operating systems running memoQ 2015 clients trust that certificate. For more information on obtaining a certificate, please refer to the document of either your public certification provider, or your internal certification authority. The Enhanced Key Usage section of the issued certificate has to contain:

I. Server Authentication (1.3.6.1.5.5.7.3.1)

For memoQ server 2015 and higher use the memoQ Server Deployment Tool to configure the server to use TLS (Secure TCP) or HTTPS based encryption: click Advanced…/Configure server, and then go to the Network connections page of the „Configure server” dialog. Select the communication protocol you would like to use here. If you chose Secure TCP (which is for TLS) or HTTPS, you also need to select the certificate to be used by the protocol."

It seems a LE cert can be used with a server but getting started info says “In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain”.

My question is, how to get a LE cert so that we can use it with MQ server - we don’t have control over a domain in respect of MemoQ and it isn’t run from/with a website as such. We are able to follow instructions and are used to using public/private keys but our level of tech knowledge is low.

Any help gratefully received and thanks in advance.

Hi,

LE Doesn't allow you to obtain a cert via IP address or internal domains.

The only advice is to use an internal certificate authority. (And install the root ca on your clients' device)

Here's a specific doc regard how to create an internal CA.
https://jamielinux.com/docs/openssl-certificate-authority

Thank you and Good Luck

Thanks very much Jamie!

If you don't have a domain at all, then @stevenzhu is right--you aren't going to be able to use Let's Encrypt in this case. If you have a public domain, though, you may still be able to get a cert using DNS authorization, without your MemoQ server being exposed to the Internet. Making that convenient would require that your DNS host support automated updates.

But if you're dealing with a relatively limited number of client machines, it may be better to just create your own cert, and trust it on all the client machines.

Thanks for your reply danb35!

Priory Translations Ltd
28 North Hill
Colchester Essex
CO1 1EG
VAT No.: GB 732 1153 75

Tel: +44 (0) 1206 366461
Fax: +44 (0) 1206 366462

info@priorytranslations.co.uk
www.priorytranslations.co.uk

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify us and delete the message and file(s) attached.

By confirming an order you are agreeing to our General Terms of Businesshttps://www.priorytranslations.co.uk/general-terms-of-business

By the way, another tool that might be useful for creating a self-signed certificate is https://www.zerossl.com/. This is a popular web interface to Let’s Encrypt, but it also offers a “Self-Signed Certificate Generator” which lets you create self-signed certificates inside your browser. In this case the certificates are created in the browser, so ZeroSSL does not have access to your private key (although you still have to trust that the code on the site was properly implemented).

This can be a useful option if you’re not used to using a Unix command line for things like openssl.

Thank you @schoen for this information

Hi, we found out there is a tool for creating a self-certificate within MemoQ server itself, although currently it is not referenced in their knowledgebase.

So this question is resolved - thanks for your input.

hey, we are facing the same problem, could direct me to the tool creating self-signed certificates within MemoQ ?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.