There are several Certification Authorities providing free SSL certificates you can use to configure Omniscope HTTPS connection to be served with a valid certificate, avoiding security warnings in your browser.


For instance, ZeroSSL and Let's Encrypt allow you to generate a valid 90 days certificate, either manually or automated using scripts.


ZeroSSL


ZeroSSL allow you to request and issue a certificate even for an IP address, so you don't need a domain name.

To issue the certificate you just need to follow the wizard on their site. Once the certificate is issued you need to download it.



The zip file will contain 3 files:

1) private.key - the private key

2) certificate.crt - the certificate

3) ca_bundle.crt - a certificate issued to ZeroSSL by USERTrust RSA Certification Authority


There are 2 steps needed to convert the certificate to a format compatible with Omniscope web server. 


1) Generate a PFX file with openssl


Typically widely available on Linux, run this command:

openssl pkcs12 -export -out yourdomainname.pfx -inkey private.key -in certificate.crt -password pass:yourpassword

where:

certificate.crt is the certificate found in the zip file

private.key is the key found in the zip file

yourdomainname.pfx is the pkcs12 intermediate file to generate

yourpassword is the password to use for the pkcs12


A yourdomainname.pfx file will be generated.


2) Import the certificate in a JKS keystore using keytool


Keytool is available in the Java JDK, so you'd need to have a Java JDK installed on your machine to run this command. We recommend you use  AdoptOpenJDK 11.


keytool -importkeystore -srckeystore yourdomainname.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass yourpassword -destkeystore keystore.jks -deststorepass yourpassword -destalias yourdomainname

where:
keystore.jks is the jks output file
yourpassword is the password of the pkcs12 and jks files (you could specify a different one if you like of course)

yourdomainname is the alias of the certificate in the jks file


A keystore.jks file will be then produced.  Configure Omniscope to point to it, by going to 

Admin -> WebServer -> Network-> 



Considering that a free SSL certificate is typically valid for 90 days, you can consider using the free Let's Encrypt certbot script to automate issuing and refreshing your certificate, in order to keep your production server always secure and your certificate up to date.



More info on web server SSL configuration are available here