How to use SSL internally to access Valence Portal

  • How to use SSL internally to access Valence Portal

    I would like to apply an SSL certificate to the Valence Portal. We are doing so for IBM ACS and I would like to secure the connection for the Valence Portal.

  • #2
    We have a blog post and a video on how to secure Valence with SSL when outside the network. Setting up for internal access is similar except you don't necessarily need a 3rd party SSL certificate.

    Blog post:
    https://www.cnxcorp.com/blog/setting...nal-access-ssl

    Video:
    https://www.youtube.com/watch?v=OsWmzqL9icQ

    • #3
      Below is a link to a recent video explaining the process...

      https://www.youtube.com/watch?v=OsWmzqL9icQ

      • #4
        OK... I think I've made this work using the same Local certificate we are using for ACS sessions. This was created in DCM.

        But Chrome is complaining the site isn't trusted. I tried to export the certificate to a file and import it into the Trusted Root in Chrome on my PC. But that doesn't seem to help.

        Any ideas on how to correct this for all my users?

        • #5
          Just circling back on this... when using a self-signed certificate for "internal use only", how do we convince Chrome that the certificate is valid?

          • #6
            You would need to manually install that certificate on every browser in which you want it to show as secure. Some organizations have a central certificate manager but doesn't sound like you have anything like that. Easiest thing to do would be use a 3rd party certificate then the browser would "trust" it.

            • #7
              I actually did that on my own PC... it did not change the way Chrome reported it (the image above is from my PC after having installed it).

              I'm OK with it as long as the data is encrypted, but Chrome puts a "strikethrough" https.

              • #8
                Are you sure you're telling Chrome that the certificate is coming from a "trusted" source? Maybe you need to do something like this?: https://www.pico.net/kb/how-do-you-g...ed-certificate

                • #9
                  Richard.. thanks. I did that but I'm still getting the "Not Secure" warning. I re-enabled warnings to see the error:

                  NET::ERR_CERT_COMMON_NAME_INVALID

                  I'm wondering if this is related to how I created the certificate? The common name on the certificate is simply the system name (no domain).

                  • #10
                    I think you're probably close to getting it working. The common name on the certificate must exactly match what you're typing on the url in the browser for the host/domain portion. I'll email you an example.

                    • #11
                      So the common name cannot simply be your system name. It must also include the domain listed in CFGTCP option 12.

                      Once the certificate was created using the fully qualified name, exported from the DCM and imported into the browser as a Trusted Root Certificate Authority, it worked like a charm.

                      IBM says the only way to not see the browser warning without manually importing the certificate is to use a certificate from a Trusted Authority.

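A pre-rollout check for the name mismatch discussed in posts #9 to #11, as an added example that is not part of the original thread and not Valence or IBM code: it compares the host typed in the URL against the names in a certificate, using the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns. The system name, domain and certificates are constructed samples; the `cn-only` verdict reflects that current Chrome matches the host against subjectAltName entries rather than the common name.

```python
# Added example. Certificate dicts follow the ssl.SSLSocket.getpeercert() layout.
# MYSYS / example.com and all certificate contents are constructed samples.

def _name_match(pattern, host):
    """Case-insensitive comparison of one certificate name with the URL host.
    A leading '*.' wildcard covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def check_cert_name(cert, url_host):
    """Return (verdict, names_checked) for the host portion of the portal URL."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    if any(_name_match(n, url_host) for n in sans):
        return "ok-san", sans        # name covered by a SAN DNS entry
    if any(_name_match(n, url_host) for n in cns):
        return "cn-only", cns        # matches CN only; SAN-only clients reject it
    return "mismatch", sans + cns    # the ERR_CERT_COMMON_NAME_INVALID case

# Constructed certificates: short system name, FQDN in CN, FQDN in CN and SAN.
SHORT_CN = {"subject": ((("commonName", "MYSYS"),),)}
FQDN_CN = {"subject": ((("commonName", "mysys.example.com"),),)}
FQDN_SAN = {"subject": ((("commonName", "mysys.example.com"),),),
            "subjectAltName": (("DNS", "mysys.example.com"),)}

def audit(url_host):
    """Run every sample certificate against one URL host."""
    samples = {"short-cn": SHORT_CN, "fqdn-cn": FQDN_CN, "fqdn-san": FQDN_SAN}
    return {label: check_cert_name(c, url_host)[0] for label, c in samples.items()}

if __name__ == "__main__":
    for host in ("mysys", "mysys.example.com"):
        print(host, audit(host))
```

To run the same check against a live portal, pass the dictionary from `getpeercert()` on a connection whose context trusts the exported DCM certificate.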
