What is your purpose exactly, is this a client certificate? Or the one used for SSL Inspection?
The certificate I want to make is the key to the client to install on, active web browser when the SSL inspection. I can not import a CA public root, which would allow me to have it by default in plataformados teams, which would generate the CA from the choice of the MWG.
The biggest problem I have is that I can not distribute the certificate to all customers. I have over 4000 users. What I'm trying is that each user can install.
So answering you questions, is a SSL client context with CA.
OK, you have multiple ways to achieve this (community please correct me if I am wrong):
1. If you're using an inhouse PKI/CA and this Root CA is already distributed along all the user machines: Just create the SSL certificate for the MWG or have it signed by your CA (typically inhouse installation, using self-signed certs)
2. Create a Selfsigned Cert on the MWG and distribute it through GPO if using ADS or your software delivery solution to have it installed in the trust store of all users (if IE/Chrom is your main browser) or have it installed into the Mozilla/FF store if using FF
3. If this is all not possible (due to your infrastructure setup), what about using a public signed SSL Cert for the MWG which is automatically trusted in all the common browser stores?
Keep in mind that SSL Certs have a lifetime and need to be changed on all of those clients and possibly not at the same time, so a centralized approach would be best (Number #1)
I am not sure what you say it is ok. "Just create the SSL certificate for the MWG or have it signed by your CA (typically inhouse installation, using self-signed certs)
I made a test to import a pkcs12 in MWG and It did not work because It must be a root CA and for me it can not be. Does not matter , this option is not viable for me.
Neither option is viable for me because my infraestructure, and considering the number of users that have offshored , all I can think or can do is distribute the welcome template and have it downloaded and installed . Like self service.
The question is , if I can store the certificate and the installation manual for the appliance that users are served?. and where I must put our repository in the MWG?
You could use AD's GPO to push your self-signed certificate (taking into account that you dont have root CA) into all of workstations.
A way to deploy is to have a domain level cert GPO so it would be deployed to every workstation. This is just a certificate so it wont spawn any issues on your production.
I have also tried storing the certificate at MWG's file server. I did this during UATs and no template for mozilla GPO was present yet. But one thing I noticed is that the file wont be downloaded as a cert or pem file but rather as an html.
But you could save this and change the extension into .cert or .pem and import it on the browser.
Best and easiest way anyways is the use of GPO for the deployment.
Thank you very much for your help, I know what you said but in this enviroment it is impossible.
I am testing with welcome page for user selves. I have the template ok, but I need to know how to find the folder files or how to referee that files.
For example I have a button for download an archive like this:
<form method="get" action="**********\CERTIFICADOS-SSL\PremiaHezkuntza.cer">
<button onclick="window.location.href='PremiaHezkuntza'">Descarga del Certificado</button>
but when I click on button, the appliance said me that resource not found: /Konfigurator/preview/A52C3B20D0EB3ED95A42E875B7246C09/default/en/PremiaHezkunt za
Anyone could tell me an example for to know the path where are my file. --> ??????????????????\CERTIFICADOS-SSL\PremiaHezkuntza.cer
thank you very much!!!
1 of 1 people found this helpful
Sorry for chiming in late.
As it currently sounds, @maitane does not have a means to distribute the CA cert, nor does he have access to an internal CA (which all machines trust). As a result he wants to host the CA file as well as instructions on the blockpage.
It is possible to host the MWG CA on the block page, but as @philiprey encountered, it is rendered as text instead of as a downloadable .cer file. I have filed a FMR for the content-type to be correctly added when a .cer is hosted (so it will download nicely). This content can be hosted in the MWG block templates folder by uploading it to the template editor. This can then be reachable by accessing a URL similar to the following:
@Fab on #3 from the comment above, it is not common for one to get a "public signed SSL Cert" as this is akin to asking the government if it is ok to print your own money. A public CA would not delegate these powers.
Let me know if this helps.
Thank you very much for your help. I am testing the welcome page with your comments and It works fine.
With the cer file it is present as a txt, but maybe I can zip the file for download.