Setup HTTPS using a free SSL certificate

Modified on Wed, 22 Mar, 2023 at 3:41 PM

There are several Certification Authorities providing free SSL certificates you can use to configure Omniscope HTTPS connection to be served with a valid certificate, avoiding security warnings in your browser.


For instance, ZeroSSL and Let's Encrypt allow you to generate a valid 90 days certificate, either manually or automated using scripts.


ZeroSSL


ZeroSSL allow you to request and issue a certificate even for an IP address, so you don't need a domain name.

To issue the certificate you just need to follow the wizard on their site. Once the certificate is issued you need to download it.



The zip file will contain 3 files:

1) private.key - the private key

2) certificate.crt - the certificate

3) ca_bundle.crt - a certificate issued to ZeroSSL by USERTrust RSA Certification Authority


There are 2 steps needed to convert the certificate to a format compatible with Omniscope web server. 


1) Generate a PFX file with openssl


Typically widely available on Linux, run this command:

openssl pkcs12 -export -out yourdomainname.pfx -inkey private.key -in certificate.crt -password pass:yourpassword

where:

certificate.crt is the certificate found in the zip file

private.key is the key found in the zip file

yourdomainname.pfx is the pkcs12 intermediate file to generate

yourpassword is the password to use for the pkcs12


A yourdomainname.pfx file will be generated.


2) Import the certificate in a JKS keystore using keytool


Keytool is available in the Java JDK, so you'd need to have a Java JDK installed on your machine to run this command. We recommend you use  AdoptOpenJDK 11.


keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore yourdomainname.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass yourpassword -destkeystore keystore.jks -deststorepass yourpassword -destalias yourdomainname

where:
keystore.jks is the jks output file
yourpassword is the password of the pkcs12 and jks files (you could specify a different one if you like of course)

yourdomainname is the alias of the certificate in the jks file


A keystore.jks file will be then produced.  Configure Omniscope to point to it, by going to 

Admin -> WebServer -> Network-> 

Once you have done the above start Omniscope and ensure the pad-lock is showing.


Certificates issued with ZeroSSL have an intermediary certificate which you will also need to import to ensure all Omniscope functionality works as expected such as Working copy. You can get hold of the intermediary certificate by opening up Developer tools on Chrome and then going to security tab and clicking on "View certificate". 



Then, head over to the "Details" tab and click on ZeroSSL RSA Domain secure Site CA, and export.



Once this is downloaded, run the following command to import the certificate into the keystore.jks.  You will be prompted to enter the password and accept the certificate. The password is the password you typed to import zerossl certificate for your domain (see previous commands above).


keytool -importcert -alias zerossl_public_cert -file pathToZeroSSLCert.cer -keystore ./keystore.jks



Considering that a free SSL certificate is typically valid for 90 days, you can consider using the free Let's Encrypt certbot script to automate issuing and refreshing your certificate, in order to keep your production server always secure and your certificate up to date.



More info on web server SSL configuration are available here




Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article