Articles in this section

See more

Managing Certificates

Avatar
Blair Parkhill
  • Updated
Follow

Login Enterprise uses certificates to provide increased security as a standard part of its infrastructure. It is common for enterprises to use their own certificate authority (CA) and therefore Login Enterprise provides the ability to customize which certificates are used. Certificates are used by browsers for the Web UI as well as for internal communications between the launchers and the targets being tested. The launcher installs it automatically & the target engine ignores SSL errors by default, however, the target engine stops ignoring SSL errors after importing your own certificate.

The default self-signed certificate

By default Login Enterprise runs with a self-signed certificate on the virtual appliance. This allows you to get Login Enterprise up and running quickly and requires you to proceed even though the certificate is untrusted.

mceclip0.png

This can be verified by selecting the About button on the Login Enterprise home page

mceclip1.png

 Selecting this button will confirm the certificate status

mceclip2.png

Installing a new certificate

NOTE: Before doing these steps we recommend doing a certificate update on the appliance first. Internet connection is needed for this. To do this, open up the shell and run the following command:

update-ca-certificates -f -v 

The requirements for the certificate can be found here.
Please note that the PFX should only contain the server certificate and server key. 

It is quite easy to install a new certificate. Follow these steps:

  1. Logon to the appliance console 
  2. Enable SSH from the menu
  3. Use WinSCP or equivalent to upload the pfx certificate to the certificates folder in the root of the appliance (e.g., /certificates/mycert.pfx)
    • If WinSCP then choose SFTP protocol as the connection type
  4. Select the option: "Apply new certificate" from the appliance console menu
    1. Supply the full path to the pfx file, including the filename (e.g., /certificates/mycert.pfx) and press enter
    2. Supply the password for the pfx file and press enter
  5. This will automatically switch the product to use the Trusted SSL mode which can be confirmed by refreshing the Web UI to see that it is trusted as well as clicking on the About button on the Login Enterprise homepage

    mceclip3.png

Switching back to self-signed certificates

At times certificate installation may fail. If this is the case and you'd like to reuse the self-signed certificate supplied with the appliance, please do the following:

  1. Logon to the appliance console
  2. Select the option: "Regenerate self signed certificates" from the appliance console menu
  3. This will automatically reset the product to accept any SSL certificate

Related articles

Comments

0 comments

Please sign in to leave a comment.