Versions Compared

Old Version 3

changes.mady.by.user Yury Kissin

Saved on

compared with

New Version 4

changes.mady.by.user Mark Zuk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This guide provides instructions for implementing secure browsing to GYTPOL portal using an enterprise-signed and trusted certificate that has already been created and exported along with its private key. By following this guide, you will ensure secure, encrypted communication between your users and GYTPOL portal, enhancing the overall security posture of your organization.

Prerequisites

  1. Exported Certificate in PFX format: The certificate file (e.g., yourpfxfile.pfx) containing the public key, private key, and intermediate certificates.

  2. PFX Certificate Password: Ensure you have the password required for creating the PEM files from the exported certificate.

  3. Copy the ‘yourpfxfile.pfx’ file to your GYTPOL server.

Workflow

To generate a PEM certificate, utilize third-party software or install OpenSSL (freely available) and convert your PFX certificate to PEM format.

...

Creating the correct certificate format (Using OpenSSL):

...

Copy the ‘yourpfxfile.pfx’ file to your server.

...

:

  1. Launch a Command Prompt as Administrator and navigate to the directory where OpenSSL is installed, for example, c:\program files\OpenSSL-Win64\bin\

  2. Execute the command below to extract the private key and save it to a new file:

...

(You'll be prompted for the PFX password, if applicable)

Info

If there's a PEM Password/Phrase, follow these steps instead of the previous one:

Extract the private key to a temporary file:

Code Block
openssl pkcs12 -in yourpfxfile.pfx -nocerts -out client-key-temp.pem

(You'll be prompted for both the PFX password and the PEM password)

Convert the temporary private key file to the desired format:

Code Block
openssl rsa -in client-key-temp.pem -out client-key.pem

(You'll be asked for the PFX password if there is one)

Info

If there's now PEM Password/Phrase, continue here:

  1. Now, to extract the public certificate and save it to a new file, run the following command:

...

  1. Backup Original Files: Before making any changes, it's important to backup the original files client-key.pem and client-cert.pem files located in gytpolInstallDrive:\gytpol\data\websrv.

  2. Replace Files: Copy the files created in the first step (client-key.pem and client-cert.pem) to the following location on the GYTPOL server: gytpolInstallDrive:\gytpol\data\websrv.
    Ensure to replace the existing files with the new ones (after you backed them up).

  3. Restart Service: Restart the "gytpol WebUI Service".

  4. Access Console: After the service restarts, access the console again using the Fully Qualified Domain Name (FQDN) of the server or the NetBIOS name, depending on the certificate you generated.

...