How to import a signed certificate with private key into GMS/Analyzer for HTTPS login using OpenSSL?
03/26/2020
How to create and import a signed certificate with private key into GMS/Analyzer (7.2 or later) for HTTPS login using OpenSSL.
When a signed certificate and its private key need to be imported into SonicWall GMS, the certificate can be supplied either in Java KeyStore format (.jks extension) or as a signed public certificate with a separate private key file. The import is done on the Deployment > Settings page of the System Interface (/appliance) of GMS/Analyzer. This article provides instructions for creating and importing a public certificate and private key file. The certificate file (.crt/.cer), its corresponding key file (.key) and the password are required.
Installing OpenSSL for Windows:
1: Go to the OpenSSL download page
2: Download Win32 OpenSSL v? (latest version)
3: Launch OpenSSL .exe file
4: Open Command Prompt (DOS) as Administrator
5: Type at prompt: cd c:\openssl-win32\bin (If your folder is not in c:\openssl-win32 then change command appropriately)
6: Type at prompt: set OPENSSL_CONF=c:\openssl-win32\bin\openssl.cfg (if you don't run this line, you will get the following error: Can't open C:\Program Files (x86)\Common Files\SSL/openssl.cnf for reading, No such file or directory)
Creating CSR and private key using OpenSSL:
1: At the command prompt, navigate to [install location]:\OpenSSL-Win32\bin and use the following command to create the CSR and private key file:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
2: Provide the appropriate information for CSR generation (Common Name, Organization, etc.)
3: Gather the CSR and private key files from the OpenSSL-Win32\bin folder.
4: Submit the CSR to the CA to re-key your current certificate or to request a new certificate.
Importing certificate into GMS:
1: Gather the signed certificate from the CA (Apache or Tomcat format).
2: Import the certificate (provided by the CA) and the .key file created via OpenSSL under Deployment > Settings > SSL Access Configuration of the System Interface (/appliance).
3: Reboot the server.
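
Before the import in step 2, you can confirm that the certificate returned by the CA carries the same public key as privateKey.key and CSR.csr and has not expired. The script below is an added example, not SonicWall's own; it assumes a POSIX shell with OpenSSL on the PATH, and signed.crt is an assumed name for the CA's file.

```shell
#!/bin/sh
# Added example, not vendor code. "signed.crt" is an assumed name for the
# certificate returned by the CA; the other names follow the article.

# Print the PEM public key held in a private key, certificate or CSR.
pubkey_of() {   # $1 = pkey | x509 | req, $2 = file
    case "$1" in
        pkey) openssl pkey -in "$2" -pubout 2>/dev/null ;;
        x509) openssl x509 -in "$2" -pubkey -noout 2>/dev/null ;;
        req)  openssl req -in "$2" -pubkey -noout 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if the certificate carries the private key's public key
# (and the CSR does too, when given) and the certificate has not expired.
check_import_set() {   # $1 = certificate, $2 = private key, $3 = CSR (optional)
    key_pub=$(pubkey_of pkey "$2") && [ -n "$key_pub" ] ||
        { echo "FAIL: cannot read private key $2"; return 1; }
    crt_pub=$(pubkey_of x509 "$1") && [ -n "$crt_pub" ] ||
        { echo "FAIL: cannot read certificate $1"; return 1; }
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $1 was not issued for $2"; return 1; }
    if [ -n "${3:-}" ]; then
        csr_pub=$(pubkey_of req "$3") && [ "$csr_pub" = "$key_pub" ] ||
            { echo "FAIL: $3 does not match $2"; return 1; }
    fi
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $1 has expired"; return 1; }
    echo "OK: $1 matches $2"
}

# Constructed demo input: throwaway key, CSR and self-signed certificate.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gms.example.test" \
        -keyout "$d/privateKey.key" -out "$d/CSR.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/CSR.csr" -signkey "$d/privateKey.key" -days 1 \
        -out "$d/signed.crt" 2>/dev/null &&
    check_import_set "$d/signed.crt" "$d/privateKey.key" "$d/CSR.csr"
    rc=$?; rm -rf "$d"; return $rc
}

# Usage: sh check.sh signed.crt privateKey.key [CSR.csr]   or   sh check.sh demo
case "${1:-}" in
    "")   ;;
    demo) demo ;;
    *)    check_import_set "$@" ;;
esac
```

The key is read without a passphrase, which fits the unencrypted privateKey.key that the -nodes option in the article's command produces.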