Installing an SSL certificate for HTTPS access

Owned by Kiss, Mate
Feb 11, 2019
2 min read

Overview

The Verba Recording System comes with a preconfigured HTTPS port for web access and HTTP access can be turned off.

In order to avoid HTTPS related security warnings when your end-users access the Verba web application you need to install an SSL certificate.

Generating or purchasing the SSL certificate for your solution is a customer responsibility. Verba can only assist with installation of the certificate.

Steps

Here are the steps to import your SSL certificate (the steps below assume that you have installed the product in the default folder):

Having .pfx or .p12 file instead of .crt and .key files? Scroll down for the conversion guide.

Step 1 - Copy the new .key and .crt files to the Verba Media Repository server.

Step 2 - Create a backup of C:\Program Files\Verba\tomcat\conf\server.xml

Step 3 - Open the server.xml file with an editor

The SSL configuration is around the 100th line and looks something like this:

<Connector
 SSLEnabled="true"
 port="443"
 protocol="org.apache.coyote.http11.Http11AprProtocol"
 clientAuth="false"
 scheme="https"
 secure="true"
 SSLCertificateFile="c:\Verba.crt"
 SSLCertificateKeyFile="c:\Verba.key"
 SSLPassword="verba123456"
 SSLCipherSuite="RC4-MD5:RC4-SHA:AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"
 SSLProtocol="SSLv3+TLSv1"
 URIEncoding="UTF-8"
 maxHttpHeaderSize="16384"
 />

 

Change the SSLCertificateFile="c:\Verba.crt" to the new .crt file

Change the SSLCertificateKeyFile="c:\Verba.key" to the new .key file

Change SSLPassword="Verba123456" to the private key's password.

Optionally add an SSLCertificateChainFile setting, and specify the intermediate certificate file.

Step 4 - Restart Verba Web Application Service

Creating .key and .crt files from .p12 or .pfx file

Step 1 - Download the OpenSSL from here: https://indy.fulgan.com/SSL/openssl-1.0.2q-i386-win32.zip

Step 2 - Extract the downloaded .zip file and start the openssl.exe

Step 3 - Execute the following commands:

For .p12 files
pkcs12 -in yourP12File.p12 -nocerts -out privateKey.pem
pkcs12 -in yourP12File.p12 -clcerts -nokeys -out publicCert.pem
For .pfx files
pkcs12 -in yourPfxFile.pfx -nocerts -out privateKey.pem
pkcs12 -in yourPfxFile.pfx -out publicCert.pem
x509 -inform pem -in publicCert.pem -pubkey -out publicCert.pem -outform pem

When it asks for password enter the password of the certificate

 Step 4 - Change the created privateKey.pem to .key and publicCert.pem to .crt