Introduction

This guide provides instructions for implementing secure browsing to the GYTPOL portal using an enterprise-signed and trusted certificate that has already been created and exported along with its private key. By following this guide, you will ensure secure, encrypted communication between your users and the GYTPOL portal, enhancing the overall security posture of your organization.

Prerequisites

  1. Exported Certificate in PFX format: The certificate file (e.g., yourpfxfile.pfx) containing the public key, private key, and intermediate certificates.

  2. PFX Certificate Password: Ensure you have the password required for creating the PEM files from the exported certificate.

  3. Copy the ‘yourpfxfile.pfx’ file to your GYTPOL server.

Info

If you have a certificate in .cer format, please see these steps first.

Workflow

To generate a PEM certificate, utilize third-party software or install OpenSSL (freely available) and convert your PFX certificate to PEM format.

If employing OpenSSL, follow these steps:

Creating the correct certificate format (Using OpenSSL):

...

  1. Convert the PFX file to separate certificate and key files using OpenSSL:

  2. Launch a Command Prompt as Administrator and navigate to the directory where OpenSSL is installed, for example, c:\program files\OpenSSL-Win64\bin\

  3. Execute the command below to extract the private key and save it to a new file:

...

(You'll be prompted for the PFX password, if applicable)

Info

If there's a PEM Password/Phrase, follow these steps instead of the previous one:

Extract the private key to a temporary file:

Code Block
openssl pkcs12 -in yourpfxfile.pfx -nocerts -out client-key-temp.pem

(You'll be prompted for both the PFX password and the PEM password)

Convert the temporary private key file to the desired format:

Code Block
openssl rsa -in client-key-temp.pem -out client-key.pem

(You'll be asked for the PFX password if there is one)

Info

If there's no PEM Password/Phrase, continue here:

  1. Now, to extract the public certificate and save it to a new file, run the following command:

...

(You'll be prompted for the PFX password if there is one)

To make changes within the server, follow these steps:

  1. Backup Original Files: Before making any changes, it's important to back up the original client-key.pem and client-cert.pem files located in gytpolInstallDrive:\gytpol\data\websrv.

  2. Replace Files: Copy the files created in the first step (client-key.pem and client-cert.pem) to the following location on the GYTPOL server: gytpolInstallDrive:\gytpol\data\websrv.
    Be sure to replace the existing files with the new ones (after you have backed them up).

  3. Restart Service: Restart the "gytpol WebUI Service".

  4. Access Console: After the service restarts, access the console again using the Fully Qualified Domain Name (FQDN) of the server or the NetBIOS name, depending on the certificate you generated.
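
A check that can be run before the Replace Files step, as an added example that is not part of the GYTPOL guide: it confirms that client-key.pem is not passphrase-protected, that the key and certificate belong together, and that the certificate has not expired. It assumes PowerShell is started in the directory holding the PEM files, that OpenSSL sits at the guide's example path, and (inferred from the conversion step above, not stated by the guide) that the service expects an unencrypted key.

```powershell
# Added example: pre-deployment check of the PEM pair created by this guide.
# Assumption: OpenSSL is installed at the guide's example location.
$OpenSsl = 'C:\Program Files\OpenSSL-Win64\bin\openssl.exe'
$Key     = '.\client-key.pem'
$Cert    = '.\client-cert.pem'

foreach ($f in $Key, $Cert) {
    if (-not (Test-Path $f)) { throw "Missing file: $f" }
}

# 1. An encrypted PEM key carries "ENCRYPTED" in its header
#    ("BEGIN ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED").
if (Select-String -Path $Key -Pattern 'ENCRYPTED' -CaseSensitive -Quiet) {
    throw "$Key is still passphrase-protected; run the 'openssl rsa' step first."
}

# 2. Derive the public key from the private key and from the certificate.
#    'openssl x509' reads the first certificate in the file, so the server
#    certificate must come before any intermediates in client-cert.pem.
$pubFromKey = (& $OpenSsl pkey -in $Key -pubout) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "OpenSSL could not read $Key" }
$pubFromCert = (& $OpenSsl x509 -in $Cert -noout -pubkey) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "OpenSSL could not read $Cert" }

if ($pubFromKey -ne $pubFromCert) {
    throw "Key and certificate do not match; do not replace the files."
}

# 3. -checkend 0 exits with 1 when the certificate has already expired.
& $OpenSsl x509 -in $Cert -noout -checkend 0 | Out-Null
if ($LASTEXITCODE -ne 0) { throw "$Cert has expired." }

# 4. Print subject and expiry so the name can be compared with the FQDN or
#    NetBIOS name that will be used to reach the console.
& $OpenSsl x509 -in $Cert -noout -subject -enddate

# 5. The temporary key file from the PEM-passphrase path is no longer needed.
if (Test-Path '.\client-key-temp.pem') { Remove-Item '.\client-key-temp.pem' }

Write-Host 'PEM pair is consistent; continue with the backup and replace steps.'
```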

If you have a .cer certificate, follow these steps to convert it to .pfx format

Steps to Convert .cer to .pfx using OpenSSL:

  1. Prepare the Required Files:

    • Certificate: You should have a .cer or .crt file (e.g., certificate.cer).

    • Private Key: You need the corresponding private key file (e.g., private.key).

  2. Convert the Certificate and Key to .pfx:

    • Launch a Command Prompt as Administrator and navigate to the directory where OpenSSL is installed, for example, c:\program files\OpenSSL-Win64\bin\

    • Run the following command:

      Code Block
      openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.cer

      Explanation:

      • -export: Creates a .pfx file.

      • -out certificate.pfx: Specifies the output file.

      • -inkey private.key: Specifies the private key file.

      • -in certificate.cer: Specifies the certificate file.

  3. Set a Password:

    • The command will prompt you to set a password for the .pfx file. This password is required when importing the .pfx file later.

  4. Verify the .pfx File:

    • Once created, you can verify the contents of the .pfx file using the following command:

      Code Block
      openssl pkcs12 -info -in certificate.pfx
    • Enter the password when prompted, and you should see details of the certificate and private key.

Info

If you don't have the private key, you cannot create a .pfx file because the .pfx format requires both the certificate and the private key.

After successfully converting .cer to .pfx, you can proceed with the steps outlined in the first part of this guide.

Troubleshooting

If the WebUI service fails to start, follow these troubleshooting steps:

...