For the MWG User Interface, you need the certificate, private key and certificate chain (the CA's root certificate)
You can create a CSR from any computer with OpenSSL and submit it to the CA for signing.
Here's the command i use from a cheat sheet stuffed away for ocassional use:
•Generate a new private key and Certificate Signing Request
$ openssl req -out MWG.csr -new -newkey rsa:2048 -nodes -keyout MWG.key
Give the MWG.csr to the CA and have them sign it. Keep the MWG.key to be used again when you import it.
Thank you for your answer. I am new to certificates and never used OpenSSL.
Is there step by step instructions I can follow?
I know how to submit for signing in our CA server, but where do I get the private key file? Do they have to be .PEM format? Our CA certifiacate is .cer
Thanks for your time.
Logon to the SSH prompt of MWG.
# openssl req -out MWG.csr -new -newkey rsa:2048 -nodes -keyout MWG.key
Fill in the blanks it asks for and enter a password. remember the password for future use.
Copy the MWG.csr and MWG.key files it generates to your PC.
Give the .MWG.csr to the CA to sign.
Take the certificate it signed, the MWG.key, and the CA certificate and the password you created and enter them into the GUI section of the configuration.
The names don't matter. they could be .pem, .crt, .cer or other name. As long as you can open them in notepad and they look like base64 encoded text, they should be fine.
Okay, I will let you know how it goes.
This is not going to break anything with our SSL Scanner and the certificates all our users have in IE for that, correct?
This is just for the GUI, so your browser doesn't get cert warnings when you logon to administer it. It doesn't do anything to SSL scanning for proxy traffic.
Correct, that's what I thought. Just making sure as these are production systems.
Can I do this same thing for our ePo server? We cannot SSH into our ePo server, so I was hoping to use the openssl command on the SSH prompt of the MWG.....will that work?
Yes, it should. I have done it myself on ePO.
When I apply the certificate and go to Save Changes it wants to stop the user interface service and restart it. Will this affect users?