Allow users to access the PortalGuard Website over an SSL-enabled https connection.
SSL (the https protocol) protects sensitive data from being sniffed by cyber criminals during transfer over the network. Configuring some features, such as SAML authentication, requires a secure connection.
This solution has three steps:
1. Create your own self-signed certificate (a certificate obtained from a Certificate Authority (CA) may also be used).
2. Import the new certificate into the Personal Certificate store of the PortalGuard server.
3. Configure the PortalGuard website for SSL.
Create the Self-Signed Certificate
1. On the PortalGuard server, copy “openssl.exe” and “openssl.cnf” from the PortalGuard\_Optional folder in the PG install kit to a local folder.
2. Create a self-signed .PEM certificate using openssl.exe and openssl.cnf. Execute this command verbatim from the folder that openssl.exe and openssl.cnf were copied to:
openssl req -x509 -days 3650 -newkey rsa:2048 -keyout PGIdP.pem -out PGIdP.pem -config ./openssl.cnf
OpenSSL will prompt for a number of values. Answer each one accordingly, paying special attention to the comments in the bubbles to the right of the CMD box.
3. Convert the .PEM file to .PFX format with this openssl command (replace <input PEM file> and <output PFX file>):
openssl.exe pkcs12 -export -in <input PEM file> -out <output PFX file>
Example: openssl.exe pkcs12 -export -in mycert.pem -out mycert.pfx
Import the New Certificate
1. Enter “mmc” into the “Start->Run” field
2. Choose “File->Add/Remove Snap-in…”
3. Select “Certificates” under the “Available snap-ins” column and click “Add”
4. Select to manage certificates for the “Computer account” and click “Next”
5. Make sure the “Local computer: (the computer this console is running on)” is selected as the computer to be managed and click “Finish”
6. Verify that the “Certificates (Local Computer)” snap-in is under the “Console Root” and click “OK”
7. Select the Certificates store under “Certificates (Local Computer)->Personal->Certificates” in the Certificates snap-in from the MMC console
8. Choose menu option: “Action->All Tasks->Import…”
9. Click “Next”
10. Click “Browse”
11. Browse to the .pfx file created with openssl.exe
    1. Select to view “Personal Information Exchange” file types
    2. Select the .pfx file that was created earlier
    3. Click “Open”
12. Verify the selected file is correct and click “Next”
13. Enter the password given when the .PEM file was converted to the .PFX being imported, leave the check boxes untouched, and click “Next”
14. Verify that “Place all certificates in the following store” is selected and the “Personal” store is chosen, then click “Next”
15. Click “Finish”
16. This dialog should appear
17. The new certificate will be listed
Configure PortalGuard Website for SSL
1. Open IIS Manager
2. Navigate to and select the PortalGuard Website in the Connections column on the left side of the IIS Manager
3. Click the “Bindings…” link under the “Actions” column on the right side of the IIS Manager
4. Click the “Add” button
5. Select the “https” entry in the “Type:” drop down
    Verify the “Port:” is set to “443”
    Select the new certificate from the “SSL Certificate:” drop down
6. Verify the new https entry in the “Site Bindings” list and click “Close”
7. With the PortalGuard Website selected, click the “Restart” link to complete the SSL configuration for the PG Website
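The import and binding steps above can also be scripted, with checks that the certificate arrived with its private key and has not expired. The following PowerShell is an added example, not part of the original PortalGuard instructions; the site name and PFX path are placeholders, and it assumes the WebAdministration module that ships with IIS is available.

```powershell
#Requires -RunAsAdministrator
# Added example, not PortalGuard's own code. Placeholders to adjust:
$SiteName = 'PortalGuard'           # assumed IIS site name; check IIS Manager
$PfxPath  = 'C:\certs\mycert.pfx'   # assumed path to the PFX from the pkcs12 step

Import-Module WebAdministration

# Do not overwrite an https binding that is already configured.
if (Get-WebBinding -Name $SiteName -Protocol https -Port 443) {
    throw "Site '$SiteName' already has an https binding on port 443."
}

# Ask for the PFX export password so it is not stored in the script.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Same target as the MMC steps: Certificates (Local Computer) -> Personal.
# -Exportable is omitted, so the private key cannot be exported from the store.
$cert = Import-PfxCertificate -FilePath $PfxPath -Password $PfxPassword `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# IIS cannot serve TLS from a certificate that has no private key.
if (-not $cert.HasPrivateKey) {
    throw "Imported certificate $($cert.Thumbprint) has no private key."
}
if ($cert.NotAfter -le (Get-Date)) {
    throw "Imported certificate expired on $($cert.NotAfter)."
}

# Equivalent of Bindings... -> Add -> https / 443 / SSL certificate.
New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Equivalent of the "Restart" link for the site.
Stop-Website  -Name $SiteName
Start-Website -Name $SiteName

# Show the result: the binding and the certificate thumbprint it is tied to.
Get-WebBinding -Name $SiteName -Protocol https |
    Select-Object protocol, bindingInformation, certificateHash
```

After a successful import, the .pem and .pfx files on disk still contain the private key, so keep them under restricted permissions or remove them from the server.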