Installing an SSL certificate for HTTPS access

Overview

The Verba Recording System comes with a preconfigured HTTPS port for web access and HTTP access can be turned off.

In order to avoid HTTPS related security warnings when your end-users access the Verba web application you need to install an SSL certificate.

Steps

Here are the steps to import your SSL certificate (the steps below assume that you have installed the product in the default folder):

Step 1 - Copy the new .key and .crt files to the Verba Media Repository server.

Step 2 - Create a backup of C:\Program Files\Verba\tomcat\conf\server.xml

Step 3 - Open the server.xml file with an editor

The SSL configuration is around the 100th line and looks something like this:

<Connector
 SSLEnabled="true"
 port="443"
 protocol="org.apache.coyote.http11.Http11AprProtocol"
 clientAuth="false"
 scheme="https"
 secure="true"
 SSLCertificateFile="c:\Verba.crt"
 SSLCertificateKeyFile="c:\Verba.key"
 SSLPassword="verba123456"
 SSLCipherSuite="RC4-MD5:RC4-SHA:AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"
 SSLProtocol="SSLv3+TLSv1"
 URIEncoding="UTF-8"
 maxHttpHeaderSize="16384"
 />

 

Change the SSLCertificateFile="c:\Verba.crt" to the new .crt file

Change the SSLCertificateKeyFile="c:\Verba.key" to the new .key file

Change SSLPassword="Verba123456" to the private key's password.

Optionally add an SSLCertificateChainFile setting, and specify the intermediate certificate file.

Step 4 - Restart Verba Web Application Service

Creating .key and .crt files from .p12 or .pfx file

Step 1 - Download the OpenSSL from here: http://indy.fulgan.com/SSL/openssl-0.9.8r-i386-win32-rev2.zip

Step 2 - Extract the downloaded .zip file and start the openssl.exe

Step 3 - Execute the following commands:

For .p12 files
pkcs12 -in yourP12File.p12 -nocerts -out privateKey.pem
pkcs12 -in yourP12File.p12 -clcerts -nokeys -out publicCert.pem
For .pfx files
pkcs12 -in yourPfxFile.pfx -nocerts -out privateKey.pem
pkcs12 -in yourPfxFile.pfx -out publicCert.pem
x509 -inform pem -in publicCert.pem -pubkey -out publicCert.pem -outform pem

When it asks for password enter the password of the certificate

 Step 4 - Change the created privateKey.pem to .key and publicCert.pem to .crt