- Inventory & Help Desk
- Ca Cert Key
- Generate Server Cert And Key And Ca Time
- Windows Generate Cert
- Generate Server Cert And Key Ad Card
- Generate Server Cert And Key And Ca Fire
Applies to: On-Prem Help Desk, Inventory
Spiceworks comes packaged with a self-signed SSL certificate that is automatically setup and usable after install. This certificateallows for https connections, but has not been signed by a public (trusted root) certificate authority. While this is fine for most folks, you may want to add a signed SSL certificate obtained from a public/trusted root Certificate Authority (CA).
This article serves as a step-by-step guide - a fairly simple process for creating and configuring Spiceworks to use your SSL certificate.
Get the cert(s) Generate a private key. Now it’s time to generate a private key. First, bring up a command prompt and run the following command: openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr 2048-bit RSA keys are most common, but you may want to check with the CA you’ve chosen. Create a PKCS#12 keystore from a private key and certificate OpenSSL is an open source software library that provides the pkcs12 command for generating PKCS#12 files from a private key and a certificate. Mar 29, 2018 CA Type – Since this is the first CA getting introduced to my domain I am choosing Root CA here. If I was looking to add an additional CA to an existing authority I would chose Subordinate. Private Key – Again, this is my first CA so I’m going to generate a new private key. If we had already generated a private key and didn’t wish to. Mar 15, 2016 Microsoft Active Directory Certificate Services AD CS provides a platform for issuing and managing public key infrastructure PKI certificates. On top of securing application and HTTP traffic the certificates that AD CS provides can be used for authentication of computer, user,. Crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate. It's only one of the ways to generate certs, another way would be having both inside a pem file or another in a p12 container.
- Symptoms
- Prepare the server
- Backup existing certificate and httpd.conf
- Install OpenSSL
- Get the cert(s)
- Generate a private key
- Fill out CSR info
- Send your CSR to your CA
- Download your certificate
- Download the intermediate certificate
- Install the cert(s)
- Copy your certificate(s) and primary key to Spiceworks
- Edit the http.conf file
- Finish things up
- Start Spiceworks
- Create another backup
Ca Cert Key
Symptoms
Admins and end users connecting via https to your local Spiceworks installation see a security error like:
not secure
Your connection is not secure
There is a problem with this website’s security certificate.
in their browser.
Prepare the server
Backup existing certificate and httpd.conf
It’s always a good idea to back up config files, right? The same is true when working with the httpd.conf file from your Spiceworks installation. Also, you’ll want to keep backup copies of the current SSL certs in case things go sideways.
To start, head over to
C:Program Files (x86)Spiceworkshttpdconf
and copy the httpd.conf
file to a safe location (Desktop, Documents, etc.). Note: Your installation path may be different.Next, head to the
Spiceworkshttpdssl
folder and do the same for the ssl-cert.pem
and ssl-private-key.pem
files. https://primaryentrancement.weebly.com/could-someone-randomly-generate-my-private-key-bitcoin.html.Install OpenSSL
Next, we’ll need to install OpenSSL. Why? OpenSSL provides a straightforward way to generate a private key and a certificate signingrequest (CSR).
Nowadays, openssl.org doesn’t provide a Windows installer directly, but they do list a few places here:https://wiki.openssl.org/index.php/Binaries.
After you’ve installed OpenSSL you may need to set an environment variable within Windows. To do that, run the following in a command prompt:
(where
C:OpenSSL-Win32
is the installation directory of OpenSSL).Get the cert(s)
Generate a private key
Now it’s time to generate a private key.
First, bring up an elevated (administrator) command prompt and run the following command:
2048-bit RSA keys are most common, but you may want to check with the CA you’ve chosen.
One important thing to note is the
-nodes
parameter. This means “no DES encryption.” Why? Apache on Windows requires an unencrypted private key. Using DES will bork this process.Your private key will likely be in the
C:OpenSSL
directory or in the C:OpenSSL-Win32
directory.Fill out CSR info
Once the private key has been generated, you’ll be asked to fill out a bit of info. This is for the CSR you’ll be sending to your CA.
If you’re not sure what to enter for these prompts, you’ll want to contact your CA.
NOTE: The common name MUST be the fully qualified domain name (FQDN) of the Spiceworks host. For example:
helpdesk.mydomain.com
Your CSR file will likely be created in the
C:OpenSSL
directory or in the C:OpenSSL-Win32
directory.Send your CSR to your CA
You’ll need to send your CSR to your CA. Normally, you do this via your CA’s web portal but that can vary based on your CA. As with the other steps, ask your CA if you’re in doubt.
When you upload/send the CSR to your CA, specify that you’ll be using the cert with an Apache web server.
Download your certificate
Your CA should send your certificate to the email address you specified when creating your CSR. You should also be able to download the cert from your CA’s web portal.
If you’re downloading the certificate from your CA’s web portal, you’ll likely have a number of different download options. In most cases, you’ll want to choose the Apache option. Don’t see an option to download for Apache? Check with your CA!
Download the intermediate certificate
Some CA’s require an intermediate certificate in addition to the primary SSL certificate. It’s always a good idea to check with your CA on whether you need to do this step.
Most likely, you’ll download the intermediate certificate along with your primary SSL certificate (if you downloaded it via your CA’s web portal).
Again, if you’re not sure about this step contact your CA. Not knowing whether you need an intermediate certificate or not can cause a lot of frustration in the next few steps.
Install the cert(s)
Copy your certificate(s) and primary key to Spiceworks
Depending on your CA, you may have one or two certificates to drop into place.
Note: At this point you’ll need to shutdown Spiceworks and keep it offline until the you’re finished with the entire process.
Generate Server Cert And Key And Ca Time
If your CA doesn’t require an intermediate certificate, you’ll want to copy your SSL certificate to the
C:Program Files (x86)Spiceworkshttpdssl
folder. Then, rename the certificate to ssl-cert.pem
.![Generate server cert and key and ca state Generate server cert and key and ca state](https://www.managedkeys.com/images/process-lifecycle.png)
If your CA requires an intermediate certificate as well, follow the step mentioned above and then copy your intermediate certificate to the
C:Program Files (x86)Spiceworkshttpdssl
directory and rename it to ssl-intermediate.pem
.Note: This is probably the single-most confusing part of the process. If you don’t know which certificate is the primary and which is the intermediate, contact your CA. Windows 8 pro activation key generator download 32 bit. They’ll be able to tell you and it will save you the headache of trial and error.
Finally, copy your private key over to the
C:Program Files (x86)Spiceworkshttpdssl
folder and rename it to ssl-private-key.pem
.Edit the http.conf file
Skip this step if you don’t have an intermediate certificate.
Head over to
C:Program Files (x86)Spiceworkshttpdconf
and open the httpd.conf
file.Toward the bottom of the file, you’ll see the following lines:
We’ll want to add the following line just before the </VirtualHost> line:SSLCertificateChainFile “ssl/ssl-intermediate.pem”
So, when you’re finished, you should have:
Now, save the
httpd.conf
file.Finish things up
Start Spiceworks
Now, all you need to do is start Spiceworks. If the app won’t start, shutdown Spiceworks, restore the original certificate filesand httpd.conf file to get back online with the original cert, and read back through the steps and see if you missed anything.
Most often, problems stem from renaming the incorrect files. Sims 3 high end loft stuff key generator. For example, you may have renamed the primary certificate to
ssl-intermediate
instead of ssl-certificate
by accident.If the app starts, you’re good to go. Confirm you see a “secure lock icon” in your browser when accessing Spiceworks via https.
Create another backup
When updating Spiceworks in the future, it will be necessary to drop in the certificate files and
httpd.conf
file in place again.To avoid headaches, go ahead and create a backup of the
httpd
folder and save it someplace outside of the Spiceworks installation directory.Windows Generate Cert
Then, during the next Spiceworks update you can just drop a backup of the
httpd
folder back into place.Generate Server Cert And Key Ad Card
Documentation and Resources
Generate Server Cert And Key And Ca Fire
Below are a few links that may help out while working with some common SSL certificate providers:
Feedback form placeholder | Delete this region to remove feedback form from page.