Introduction
This guide provides instructions for implementing secure browsing to GYTPOL portal using an enterprise-signed and trusted certificate that has already been created and exported along with its private key. By following this guide, you will ensure secure, encrypted communication between your users and GYTPOL portal, enhancing the overall security posture of your organization.
Prerequisites
Exported Certificate in PFX format: The certificate file (e.g., yourpfxfile.pfx) containing the public key, private key, and intermediate certificates.
PFX Certificate Password: Ensure you have the password required for creating the PEM files from the exported certificate.
Copy the ‘yourpfxfile.pfx’ file to your GYTPOL server.
Workflow
To generate a PEM certificate, utilize third-party software or install OpenSSL (freely available) and convert your PFX certificate to PEM format.
If employing OpenSSL, follow these steps:
Creating the correct certificate format (Using OpenSSL):
Launch a Command Prompt as Administrator and navigate to the directory where OpenSSL is installed, for example, c:\program files\OpenSSL-Win64\bin\
Execute the command below to extract the private key and save it to a new file:
...
(You'll be prompted for the PFX password if there is one)
To make changes within the server, follow these steps:
Backup Original Files: Before making any changes, it's important to backup the original client-key.pem and client-cert.pem files located in gytpolInstallDrive:\gytpol\data\websrv.
Replace Files: Copy the files created in the first step (client-key.pem and client-cert.pem) to the following location on the GYTPOL server: gytpolInstallDrive:\gytpol\data\websrv.
Ensure to replace the existing files with the new ones (after you backed them up).Restart Service: Restart the "gytpol WebUI Service".
Access Console: After the service restarts, access the console again using the Fully Qualified Domain Name (FQDN) of the server or the NetBIOS name, depending on the certificate you generated.
If You have a .cer Certificate, follow these steps to convert it to a .pfx format
Steps to Convert .cer
to .pfx
using OpenSSL:
Prepare the Required Files:
Certificate: You should have a
.cer
or.crt
file (e.g.,certificate.cer
).Private Key: You need the corresponding private key file (e.g.,
private.key
).
Convert the Certificate and Key to
.pfx
:Launch a Command Prompt as Administrator and navigate to the directory where OpenSSL is installed, for example, c:\program files\OpenSSL-Win64\bin\
Run the following command:
Code Block openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.cer
Explanation:
-export
: Creates a .pfx file.-out certificate.pfx
: Specifies the output file.-inkey private.key
: Specifies the private key file.-in certificate.cer
: Specifies the certificate file.
Set a Password:
The command will prompt you to set a password for the
.pfx
file. This password is required when importing the.pfx
file later.
Verify the
.pfx
File:Once created, you can verify the contents of the
.pfx
file using the following command:Code Block openssl pkcs12 -info -in certificate.pfx
Enter the password when prompted, and you should see details of the certificate and private key.
Info |
---|
If you don't have the private key, you cannot create a |
After successfully converting .cer to .pfx, you can proceed with the steps outlined in the first part of this guide.
Troubleshooting
In case the webUI service fails to start, follow these troubleshooting steps:
...