SSL certification

To access SSL Certificates:

  1. In the dashboard, select Configuration -> Security -> SSL Certificates on the left navigation bar.
  2. The SSL Certificates page shows all the active SSL Certificates associated with your account.
  3. To add a new SSL certificate, click Add New Certificate.
  4. A prompt window appears allowing you to provide the SSL Certificate information:

    • Private Key – Upload or paste the Private Key information. Currently, either a 2048-bit or a 3072-bit RSA key in the PEM format is accepted.
    • Private Key Password (optional) – Provide the password associated with the Private Key.
    • Public Certificate Chain – Detect, Upload, or Paste the Public Certificate. If you choose the Detect option, provide the publicly accessible HTTPS URL. Otherwise, upload or paste your public server certificate, followed by all intermediate certificates, in the PEM format.

SSL requirements

The minimum requirements for CWAAP SSL certificates are RSA 2048-bit or 3072-bit keys. This is a requirement of the FIPS devices.

Upload SSL certificate

To submit your SSL certificate to the portal, you need the following information:

  • Private Key
  • Private Key Password
  • Public Certificate Chain

You can upload your Private Key and your Public Certificate Chain. You can also detect your Public Certificate Chain by providing the URL. Provide the Private Key Password as well, so that the SSL certificate can be used.
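The requirements above can be checked locally before anything is uploaded. The following script is an added example, not part of the product or its documentation: it confirms that the key is RSA 2048 or 3072 bit, that it matches the server certificate, and that the chain file lists the server certificate followed by its issuers. The function names and the file names passed as arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not vendor tooling; function names are hypothetical.

# Hex modulus of an RSA private key. $2 is an optional openssl pass phrase
# source such as env:KEYPASS; the empty default fails instead of prompting.
key_modulus() {
    openssl rsa -in "$1" -passin "${2:-pass:}" -noout -modulus 2>/dev/null |
        sed 's/^Modulus=//'
}

# RSA key size in bits: four bits per hex digit of the modulus.
rsa_bits() {
    local m
    m=$(key_modulus "$@")
    [ -n "$m" ] && echo $(( ${#m} * 4 ))
}

# The key must belong to the first certificate in the file (the server cert).
key_matches_leaf() {
    local km cm
    km=$(key_modulus "$1" "$3")
    cm=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null | sed 's/^Modulus=//')
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

# Heuristic order check: every certificate after the first must have the
# subject that the previous certificate names as its issuer.
chain_in_order() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        awk '/^subject=/ { if (n++ && substr($0, 9) != want) bad = 1 }
             /^issuer=/  { want = substr($0, 8) }
             END { exit (n == 0 || bad) }'
}

check_upload() {   # usage: check_upload KEY CHAIN [PASSIN]
    local bits rc=0
    bits=$(rsa_bits "$1" "$3") || { echo "FAIL: not a readable RSA PEM key"; return 1; }
    case $bits in
        2048|3072) echo "ok: RSA $bits-bit key" ;;
        *) echo "FAIL: RSA $bits-bit key, 2048 or 3072 required"; rc=1 ;;
    esac
    key_matches_leaf "$1" "$2" "$3" || { echo "FAIL: key does not match first certificate"; rc=1; }
    chain_in_order "$2" || { echo "FAIL: chain is not server cert followed by its issuers"; rc=1; }
    return $rc
}

if [ "$#" -ge 2 ]; then check_upload "$@"; fi
```

Run it as `./precheck.sh server.key chain.pem env:KEYPASS`; passing the pass phrase through an environment variable keeps it out of the process list.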

SSL certificates and components

There are four different ways to present SSL Certificates and their components:

  1. PEM. Governed by RFCs, it’s used preferentially by open-source software. It can have various extensions (.pem, .key, .cer, .cert, and more).
  2. PKCS#7 or P7B. An open standard used by Java and supported by Windows. Does not contain private key details.
  3. PKCS#12 or PFX. A Microsoft private standard that was later defined in an RFC and that provides enhanced security compared with the plain-text PEM format. The format might contain the private key material. It’s used preferentially by Windows systems, and can be freely converted to the PEM format by using OpenSSL.
  4. DER. The parent format of PEM. It’s useful to think of it as a binary version of the base64-encoded PEM file. Not routinely used by much outside of Windows.

Note:

Citrix strongly recommends that you convert the .pfx files on your own machine using OpenSSL so you can store the private key.

Use the following OpenSSL commands to convert the SSL certificate between formats on your own machine:

  1. Convert DER to PEM: openssl x509 -inform der -in certificate.cer -out certificate.pem
  2. Convert P7B to PEM: openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
  3. Convert PFX to PEM: openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Alternatively, you can use the free SSL converter available at SSL Shopper.

Manage existing proxy configuration with SSL

From the Proxy Assets screen, click the “Edit Icon” next to the host name field of the configuration you want to update. The update configuration screen displays. Here you can make any changes you want and click Save to submit the updated configuration. From this screen, you can also delete the configuration by selecting the “Delete” button at the top right of the screen.

Validate your proxy configuration with SSL

To test your website using your own domain name before DNS propagation has completed, you can use your local computer’s hosts file. Your computer uses the entries in its hosts file first, before it tries to use your ISP to look up the DNS information for your domain. The hosts file is a special file on your workstation that stores IP address and name information. The file is checked before DNS, so an entry placed in this file supersedes anything set in DNS. This feature is useful for testing websites because it allows you to control which IP address your local computer visits, regardless of the DNS configuration.

Hosts file syntax

The format of the hosts file is simple. Each line has an IP address and a host name separated by one or more spaces. By default, hosts files typically contain entries for “localhost” and text describing the file usage. It is best not to change the description.

Example:

1.2.3.4 example.com
1.2.3.4 www.example.com

Windows

  1. From the Start drop-down list, search for “Notepad” (Win 8, 10) or navigate to: “All Programs -> Accessories -> Notepad” (Win XP, Vista, 7).
  2. Right-click Notepad and select the Run As Administrator option.
  3. In Notepad, click “Open” and select the file C:\Windows\System32\Drivers\etc\hosts.
  4. Edit the file and click Save.

Linux

  1. Open a terminal window.
  2. Edit the file /etc/hosts as root with a text editor. Example: sudo nano /etc/hosts

Testing your settings

  1. Open a command prompt.
  2. Type: ping -c2 example.com (on Windows: ping -n 2 example.com)
  3. The ping results show the IP address and confirm that it is responding.
  4. Open the browser on the local computer where the host settings are available. The browser connects to the website.

Note:

When you are finished testing, remember to remove the custom lines that you added to your Hosts file.
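To confirm that an override is in place during the test, and that it is gone afterwards, the hosts file can be read the way the syntax section describes. The following script is an added example, not part of the product: the function names are hypothetical, and served_cert assumes that the proxy listens on port 443 and is reachable from your machine.

```bash
#!/usr/bin/env bash
# Added example, not vendor tooling; function names are hypothetical.

# Print the address from the first hosts-file line that names NAME, which is
# the line resolvers normally use; status 1 when there is no entry.
hosts_lookup() {   # usage: hosts_lookup NAME [HOSTS_FILE]
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, ""); sub(/#.*/, "") }   # strip CR (Windows) and comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }' "${2:-/etc/hosts}"
}

# Report whether NAME is overridden and whether it points at the proxy address.
check_override() {   # usage: check_override NAME EXPECTED_IP [HOSTS_FILE]
    local ip
    if ip=$(hosts_lookup "$1" "$3"); then
        [ "$ip" = "$2" ] && echo "pinned to $ip" || echo "pinned to $ip, expected $2"
    else
        echo "no override, DNS is used"
    fi
}

# Show subject, issuer and expiry of the certificate served at IP for NAME.
# Connects to the address directly, so it works with or without the override.
served_cert() {   # usage: served_cert NAME IP  (needs network access)
    openssl s_client -connect "$2:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate
}

if [ "$#" -ge 2 ]; then check_override "$@"; fi
```

After testing, `check_override example.com 1.2.3.4` should report that no override remains.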
