Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Introduction

This guide provides instructions for implementing secure browsing to GYTPOL portal using an enterprise-signed and trusted certificate that has already been created and exported along with its private key. By following this guide, you will ensure secure, encrypted communication between your users and GYTPOL portal, enhancing the overall security posture of your organization.

Prerequisites

Exported Certificate in PFX format: The certificate file (e.g., yourpfxfile.pfx) containing the public key, private key, and intermediate certificates.

PFX Certificate Password: Ensure you have the password required for creating the PEM files from the exported certificate.

Workflow

To generate a PEM certificate, utilize third-party software or install OpenSSL (freely available) and convert your PFX certificate to PEM format.

If employing OpenSSL, follow these steps:

Creating the correct certificate format (Using OpenSSL):

  1. Copy the ‘yourpfxfile.pfx’ file to your server.

  2. Convert the PFX file to separate certificate and key files using OpenSSL:

  3. Launch a Command Prompt as Administrator and navigate to the directory where OpenSSL is installed, for example, c:\program files\OpenSSL-Win64\bin\

  4. Execute the command below to extract the private key and save it to a new file:

openssl pkcs12 -in yourpfxfile.pfx -nocerts -out client-key.pem -nodes 

(You'll be prompted for the PFX password, if applicable)

If there's a PEM Password/Phrase, follow these steps instead of the previous one:

  1. Extract the private key to a temporary file:

openssl pkcs12 -in yourpfxfile.pfx -nocerts -out client-key-temp.pem

(You'll be prompted for both the PFX password and the PEM password)

  1. Convert the temporary private key file to the desired format:

openssl rsa -in client-key-temp.pem -out client-key.pem

(You'll be asked for the PFX password if there is one)

  1. Now, to extract the public certificate and save it to a new file, run the following command:

openssl pkcs12 -in yourpfxfile.pfx -nokeys -out client-cert.pem -nodes

(You'll be prompted for the PFX password if there is one)

To make changes within the server, follow these steps:

  1. Backup Original Files: Before making any changes, it's important to backup the original files client-key.pem and client-cert.pem located in gytpolInstallDrive:\gytpol\data\websrv.

  2. Replace Files: Copy the files created in the first step (client-key.pem and client-cert.pem) to the following location on the GYTPOL server: gytpolInstallDrive:\gytpol\data\websrv.
    Ensure to replace the existing files with the new ones.

  3. Restart Service: Restart the "gytpol WebUI Service".

  4. Access Console: After the service restarts, access the console again using the Fully Qualified Domain Name (FQDN) of the server or the NetBIOS name, depending on the certificate you generated.

Troubleshooting

In case the webUI service fails to start, follow these troubleshooting steps:

  1. Rollback Original Files: Replace the modified client-key.pem and client-cert.pem files with the original ones you backed up.

  2. Start WebUI Service: Attempt to start the "gytpol WebUI Service" again.

  3. Check Event Viewer: Open the Event Viewer and check for any errors or logs related to the webUI service. Look for details that might indicate the cause of the startup failure. Ensure that all the steps mentioned earlier were followed correctly.

  4. Contact Support: If you're unable to resolve the issue or need further assistance, please reach out to support@gytpol.com for additional help.

  • No labels