Skip to main content
Support Documentation

How to Setup Brightsign SSL Certificates (2023)

  • July 15, 2025
  • 2 replies
  • 409 views
L

This guide outlines the process for adding custom secure sockets layer (SSL) certificates to your BrightSign devices, a common requirement for securing communications, especially when integrating with self-signed or internal Certificate Authority (CA) issued certificates. We'll cover modifying the autorun.zip file to include your certificate and the necessary BrightScript plugin, as well as how to convert various certificate formats to the required PEM format using OpenSSL.

 

 

Given a current autorun.zip, make the following changes:

  1. Modify the /plugins.brs file to reflect:

Library "appspace/main.brs"
Library "plugins/AddCert/main.brs"

 

BrightSign is particular about the line breaks. Please be sure to add a line-break character on the end of line #2.

  1. Next, create the folder "AddCert" within the plugins subdirectory.
  2. Add the attached file main.brs (standard).
  3. Add a cert.pem file.
  4. Reboot the unit.

 

Note: It may be necessary to have the entire chain of SSL certificates towards the machine you are trying to secure against. So the CA, intermediate, and endpoint certs may be required to be bundled together in a single cert.pem file.

 

Note:

  • CA or self-signed certs must be in the PEM format.
  • BrightSign will not consume PRX, P7B, or CRT files.
  • You can convert CRT or PRX files using OpenSSL.

See Instructions Below for that procedure.

 

Converting an SSL cert to a PEM file:

  1. Obtain a copy of the Windows binaries for OpenSSL http://gnuwin32.sourceforge.net/packages/openssl.htm
  2. Extract the contents to C:\OpenSSL\
  3. Run cmd.exe and navigate to the C:\OpenSSL\Bin folder and run openssl.exe
  4. Depending on the source format of the cert, use the appropriate command to convert your source file.

 

CRT to PEM

openssl x509 -in certificate.crt -out certificate.pem

 

DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

 

P7B to PEM

openssl x509 -print_certs -in certificate.p7b -out certificate.pem

 

PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

 

The filepath in the main.brs file may need to be edited depending on the type of storage you are using.

  • The file is SD by default:
    • ok = k.AddCACertificate("sd:/plugins/AddCert/cert.pem")
  • If you are using SSD, this line needs to be updated to:
    • ok = k.AddCACertificate("ssd:/plugins/AddCert/cert.pem")

 

 
If you are having trouble with this process, please reach out to the Customer Care Team.
 
 
 

2 replies

A
  • AnthonyB
  • New Participant
  • January 9, 2026

I am unable to download the main.brs file linked in this article.

    P

    Likewise i could not download the main.brs, the link redirect to confluence, tried to login but my account doesnt have access to it.

    Can we post it here please, thanks in advance.

    Terms & ConditionsCookie settingsAccessibility statement