I would like to apply an SSL certificate to the Valence Portal. We are doing so for IBM ACS and I would like to secure the connection for the Valence Portal.
How to use SSL internally to access Valence Portal
-
We have a blog post and a video on how to secure Valence with SSL when outside the network. Setting up for internal access is similar except you don't necessarily need a 3rd party SSL certificate.
Blog post:
https://www.cnxcorp.com/blog/setting...nal-access-ssl
Video:
https://www.youtube.com/watch?v=OsWmzqL9icQ
-
Below is a link to a recent video explaining the process...
https://www.youtube.com/watch?v=OsWmzqL9icQ
-
OK... I think I've made this work using the same Local certificate we are using for ACS sessions. This was created in DCM.
But Chrome is complaining the site isn't trusted. I tried to export the certificate to a file and import it into the Trusted Root in Chrome on my PC. But that doesn't seem to help.
Any ideas on how to correct this for all my users?
-
Just circling back on this... when using a self-signed certificate for "internal use only", how do we convince Chrome that the certificate is valid?
-
You would need to manually install that certificate on every browser in which you want it to show as secure. Some organizations have a central certificate manager, but it doesn't sound like you have anything like that. The easiest thing to do would be to use a 3rd party certificate; then the browser would "trust" it.
-
Are you sure you're telling Chrome that the certificate is coming from a "trusted" source? Maybe you need to do something like this?: https://www.pico.net/kb/how-do-you-g...ed-certificate
-
Richard.. thanks. I did that but I'm still getting the "Not Secure" warning. I re-enabled warnings to see the error:
NET::ERR_CERT_COMMON_NAME_INVALID
I'm wondering if this is related to how I created the certificate? The common name on the certificate is simply the system name (no domain).
-
So the common name cannot simply be your system name. It must also include the domain listed in CFGTCP option 12.
Once the certificate was created using the fully qualified name, exported from the DCM and imported into the browser as a Trusted Root Certificate Authority, it worked like a charm.
IBM says the only way to not see the browser warning without manually importing the certificate is to use a certificate from a Trusted Authority.
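The name mismatch behind NET::ERR_CERT_COMMON_NAME_INVALID in this thread can be checked before a certificate is rolled out to users. The following is an added example, not code from any poster or from CNX or IBM: it compares the host that users type against the names in a certificate, given as a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. The names `mysystem` and `mysystem.example.com` are constructed placeholders.

```python
# Added example. Certificate dicts below are constructed sample data in the
# shape returned by ssl.SSLSocket.getpeercert(); host names are placeholders.

def cert_names(cert):
    """Return (common_name, [DNS subjectAltName entries]) from a cert dict."""
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole first label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        first, _, rest = h.partition(".")
        return bool(first) and rest == p[2:]
    return False

def check_host(cert, host):
    """Classify how well the certificate covers the host users browse to."""
    cn, sans = cert_names(cert)
    if any(name_matches(s, host) for s in sans):
        return "ok"
    if cn and name_matches(cn, host):
        # Chrome (since version 58) matches on subjectAltName entries only,
        # so a certificate that carries the name just in the CN still fails.
        return "cn-only"
    return "mismatch"

# Constructed samples: short system name, FQDN in CN only, FQDN in CN and SAN.
SHORT_CN = {"subject": ((("commonName", "MYSYSTEM"),),)}
FQDN_CN = {"subject": ((("commonName", "mysystem.example.com"),),)}
FQDN_SAN = {
    "subject": ((("commonName", "mysystem.example.com"),),),
    "subjectAltName": (("DNS", "mysystem.example.com"),),
}

if __name__ == "__main__":
    for label, cert in [("short", SHORT_CN), ("fqdn-cn", FQDN_CN), ("fqdn-san", FQDN_SAN)]:
        print(label, check_host(cert, "mysystem.example.com"))
```

A result other than `ok` for the exact host in the portal URL means the certificate should be reissued with that name before it is distributed as a trusted root.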