FAQ: How to enable SSL on the PortalGuard Website

Requirement:

Allow users to access the PortalGuard Website over an SSL-enabled https connection.

Reason:

SSL, or the https protocol, is used to protect sensitive data from being sniffed by cyber criminals during transfer over the network. Configuring some features, such as SAML authentication, requires a secure connection.

Solution:

This solution has three steps:

1.  Create your own self-signed certificate (a certificate obtained from a Certificate Authority (CA) may also be used).

2.  Import the new certificate into the Personal Certificate store of the PortalGuard server.

3.  Configure the PortalGuard website for SSL.

Create certificate

1. On the PortalGuard server, copy “openssl.exe” and “openssl.cnf” from the PortalGuard\_Optional folder in the PG install kit to a local folder.

2. Create a self-signed .PEM certificate using openssl.exe and openssl.cnf.  Execute this command verbatim from the folder that openssl.exe and openssl.cnf were copied to:

openssl req -x509 -days 3650 -newkey rsa:2048 -keyout PGIdP.pem -out PGIdP.pem -config ./openssl.cnf

OpenSSL will prompt for a number of values.  Answer each one accordingly, paying special attention to the comments in the bubbles to the right of the CMD box.

3. Convert the .PEM file to .PFX format with this openssl command (replace <input PEM file> and <output PFX file>):

openssl.exe pkcs12 -export -in <input PEM file> -out <output PFX file>

ex. openssl.exe pkcs12 -export -in mycert.pem -out mycert.pfx

Import the New Certificate

1.  Enter “mmc” into the “Start->Run” field

2.  Choose “File->Add/Remove Snap-in…”

3.  Select “Certificates” under the “Available snap-ins” column and click “Add”

4.  Select to manage certificates for the “Computer account” and click “Next”

5.  Make sure the “Local computer: (the computer this console is running on)” is selected as the computer to be managed and click “Finish”

6.  Verify that the “Certificates (Local Computer)” snap-in is under the “Console Root” and click “OK”

7.  Select the Certificates store under “Certificates (Local Computer)->Personal->Certificates” in the Certificates snap-in from the MMC console

8.  Choose menu option: “Action->All Tasks->Import…”

9.  Click “Next”

10. Click “Browse”

11.  Browse to the .pfx file created with openssl.exe

1. Select to view “Personal Information Exchange” file types
2. Select the .pfx file that was created earlier
3. Click “Open”

12. Verify the selected file is correct and click “Next”

13. Enter the password given when the .PEM file was converted to the .PFX we are importing, leave the check boxes untouched and click “Next”

14. Verify that “Place all certificates in the following store” is selected and that the “Personal” store is chosen, then click “Next”

15. Click “Finish”

16. This dialog should appear

17. The new certificate will be listed

Configure PortalGuard Website for SSL

1.  Open IIS Manager

2. Navigate to and select the PortalGuard Website in the Connections column on the left side of the IIS Manager

3. Click the “Bindings…” link under the “Actions” column on the right side of the IIS Manager

4. Click the “Add” button

5. Select the “https” entry in the “Type:” drop down
Verify the “Port:” is set to “443”
Select the new certificate from the “SSL Certificate:” drop down
Click “OK”

6. Verify the new https entry in the “Site Bindings” list and click “Close”

7. With the PortalGuard Website selected, click the “Restart” link to complete the SSL configuration for the PG Website
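
The import and binding steps above can also be scripted so the change is repeatable and reviewable. The following PowerShell is an added example, not part of the original PortalGuard FAQ; the IIS site name "PortalGuard" and the "mycert.pfx" path are assumptions to adjust, and it must be run from an elevated session on the PortalGuard server.

```powershell
# Added example: scripted equivalent of the "Import the New Certificate" and
# "Configure PortalGuard Website for SSL" steps. Not PortalGuard's own code.
$SiteName = 'PortalGuard'   # assumption: the IIS site name; confirm in IIS Manager
$PfxPath  = '.\mycert.pfx'  # assumption: the .pfx written by "openssl.exe pkcs12 -export"

Import-Module WebAdministration

# Refuse to touch a site that already has an https binding on 443, so an
# existing certificate assignment is never silently replaced.
if (Get-WebBinding -Name $SiteName -Protocol 'https' -Port 443) {
    throw "Site '$SiteName' already has an https binding on port 443; review it in IIS Manager."
}

# Prompt for the export password so it is not stored in the script or history.
$PfxPassword = Read-Host -Prompt 'PFX export password' -AsSecureString

# Import into "Certificates (Local Computer) -> Personal". As in the wizard
# with its check boxes untouched, the private key is not marked exportable.
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' -Password $PfxPassword

# IIS cannot serve https from a certificate that has no private key.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}

# Add the https binding on port 443 and attach the certificate from the
# Personal ("My") store to it.
New-WebBinding -Name $SiteName -Protocol 'https' -Port 443 -IPAddress '*'
$binding = Get-WebBinding -Name $SiteName -Protocol 'https' -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Restart the site to complete the SSL configuration.
Stop-Website  -Name $SiteName
Start-Website -Name $SiteName

# Show what was imported and bound so the result can be checked.
$cert | Select-Object Subject, Thumbprint, NotAfter
Get-WebBinding -Name $SiteName -Protocol 'https'
```

The PGIdP.pem file and the .pfx both contain the private key, so restrict access to them or remove them from the working folder once the import has succeeded.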
