There are several Certification Authorities providing free SSL certificates you can use to configure Omniscope HTTPS connection to be served with a valid certificate, avoiding security warnings in your browser.
For instance, ZeroSSL and Let's Encrypt allow you to generate a valid 90 days certificate, either manually or automated using scripts.
ZeroSSL allow you to request and issue a certificate even for an IP address, so you don't need a domain name.
To issue the certificate you just need to follow the wizard on their site. Once the certificate is issued you need to download it.
The zip file will contain 3 files:
1) private.key - the private key
2) certificate.crt - the certificate
3) ca_bundle.crt - a certificate issued to ZeroSSL by USERTrust RSA Certification Authority
There are 2 steps needed to convert the certificate to a format compatible with Omniscope web server.
1) Generate a PFX file with openssl
Typically widely available on Linux, run this command:
openssl pkcs12 -export -out yourdomainname.pfx -inkey private.key -in certificate.crt -password pass:yourpassword
certificate.crt is the certificate found in the zip file
private.key is the key found in the zip file
yourdomainname.pfx is the pkcs12 intermediate file to generate
yourpassword is the password to use for the pkcs12
A yourdomainname.pfx file will be generated.
2) Import the certificate in a JKS keystore using keytool
Keytool is available in the Java JDK, so you'd need to have a Java JDK installed on your machine to run this command. We recommend you use AdoptOpenJDK 11.
keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore yourdomainname.pfx -srcstoretype pkcs12 -srcalias 1 -srcstorepass yourpassword -destkeystore keystore.jks -deststorepass yourpassword -destalias yourdomainname
keystore.jks is the jks output file
yourpassword is the password of the pkcs12 and jks files (you could specify a different one if you like of course)
yourdomainname is the alias of the certificate in the jks file
A keystore.jks file will be then produced. Configure Omniscope to point to it, by going to
Admin -> WebServer -> Network->
Once you have done the above start Omniscope and ensure the pad-lock is showing.
Certificates issued with ZeroSSL have an intermediary certificate which you will also need to import to ensure all Omniscope functionality works as expected such as Working copy. You can get hold of the intermediary certificate by opening up Developer tools on Chrome and then going to security tab and clicking on "View certificate".
Then, head over to the "Details" tab and click on ZeroSSL RSA Domain secure Site CA, and export.
Once this is downloaded, run the following command to import the certificate into the keystore.jks. You will be prompted to enter the password and accept the certificate. The password is the password you typed to import zerossl certificate for your domain (see previous commands above).
keytool -importcert -alias zerossl_public_cert -file pathToZeroSSLCert.cer -keystore ./keystore.jks
Considering that a free SSL certificate is typically valid for 90 days, you can consider using the free Let's Encrypt certbot script to automate issuing and refreshing your certificate, in order to keep your production server always secure and your certificate up to date.
More info on web server SSL configuration are available here