Extracting wildcard certificate and keys for import to GMS/Analyzer Server

03/26/2020


    Description

    A website certificate can be imported into GMS or Analyzer for HTTPS access. Some administrators opt to use a single wildcard certificate, which can be imported with both the public and private key to multiple servers and therefore used to authenticate multiple servers at multiple subdomains within the domain.

    A wildcard certificate approved by a certificate authority is typically exported in a .pfx (PKCS12) file, which includes both the certificate with the public key and the private key encrypted with a passphrase. The OpenSSL utility can extract the certificate and private key to separate .pem files, then remove the passphrase from the server private key so it can be imported into your GMS deployment.

    The following steps can be used to perform this action for any public web server certificate, whether a wildcard for the domain or a certificate for a single subdomain, from an exported .pfx file, using Win32 OpenSSL:

    Resolution

    Install Win32 OpenSSL

    1.) On any supported 32-bit or 64-bit Windows OS, download the latest version of Win32 OpenSSL. (Note that whereas the 32-bit version works for both 32-bit and 64-bit deployments, the 64-bit version will only work for 64-bit deployments.)

    https://slproweb.com/products/Win32OpenSSL.html

    1a.) Only if necessary, also download and install the Visual C++ 2008 Redistributable Package (already included on many recent Windows Server versions or with some other software downloads).

    2.) Install to c:\openssl-win32 (if modified, use the modified location instead of the location given in the instructions below).

    3.) Once installed, open a command prompt as administrator.

    4.) Navigate to the bin folder of the installation at the prompt:

    cd c:\openssl-win32\bin

    5.) Execute the following command (if this is not run, an error may occur later):

    set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg


    Extract Certificate and Private Key Files from a .pfx file

    1.) Copy the .pfx certificate file to the system (the OpenSSL-Win32 bin folder is often used for this).

    2.) Export the private key to key.pem.  

    openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

    You will be prompted for the .pfx password.

    3.) Export the certificate

    openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

    You will be prompted for the .pfx password.

    4.) Remove the passphrase from the private key, creating a keyfile
    CAUTION:  Do not allow key files to become accessible to anyone not responsible for domain devices

    openssl rsa -in key.pem -out server.key
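
Before importing, it is worth confirming that the extracted pair actually matches and that the key files are readable only by administrators, as the CAUTION above requires. The following PowerShell check is an added example, not part of the original article or SonicWall's tooling; it assumes the install path and file names used in the steps above and that it is run from the folder holding the files. Note that key.pem from step 2 was written with -nodes, so it is unencrypted as well and is locked down here together with server.key.

```powershell
# Added example. Paths and file names follow the article's defaults.
$env:OPENSSL_CONF = 'c:\openssl-win32\bin\openssl.cfg'
$openssl = 'c:\openssl-win32\bin\openssl.exe'
$cert    = 'cert.pem'
$key     = 'server.key'

# 1. server.key must be passphrase-free, otherwise step 4 did not take effect.
#    Encrypted PEM keys carry "ENCRYPTED" in the header or Proc-Type line.
if (Select-String -Path $key -Pattern 'ENCRYPTED' -Quiet) {
    throw "$key is still passphrase-protected; repeat step 4."
}

# 2. The public key inside the certificate must equal the one derived from the
#    private key. x509 reads the FIRST certificate in cert.pem; if the .pfx
#    held a chain, make sure the server certificate is the first entry.
$certPub = (& $openssl x509 -in $cert -noout -pubkey | Out-String).Trim()
$keyPub  = (& $openssl pkey -in $key -pubout | Out-String).Trim()
if (-not $certPub -or $certPub -ne $keyPub) {
    throw "$cert and $key do not belong together; do not import them."
}

# 3. Show what is about to be installed (subject and expiry date).
& $openssl x509 -in $cert -noout -subject -enddate

# 4. Restrict both unencrypted key files: drop inherited permissions, then
#    grant access only to the current user and the local Administrators
#    group (well-known SID S-1-5-32-544, independent of OS language).
$me = "$env:USERDOMAIN\$env:USERNAME"
foreach ($f in 'key.pem', $key) {
    if (Test-Path $f) {
        & icacls $f /inheritance:r /grant:r "${me}:(F)" /grant:r '*S-1-5-32-544:(F)' | Out-Null
        & icacls $f   # print the resulting ACL for review
    }
}
Write-Output 'Certificate and key match; key file permissions restricted.'
```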


    Import the cert.pem and server.key files into GMS for management

    1.) Log in to the system interface of GMS at https://(ipaddress:port)/appliance.html

    2.) Navigate to Deployment > Settings.

    3.) Under SSL Access Configuration, select "Custom".

    4.) For "Certificate file", click "browse" and select the cert.pem file that was extracted earlier.

    5.) For "Certificate Key file", select the server.key file that was extracted earlier.

    6.) Enter the password originally used to extract information from the .pfx file.

    7.) Accepting the prompt will restart the GMS server with the new certificate in place.
