If you maintain

This page also includes information about generating self-signed certificates for testing purposes, and converting a certificate to the correct format for other built-in Agiloft modules like SAML SSO.

Updating the SSL Certificate

You need to update the SSL security certificate occasionally. The procedure to update the certificate on your server depends on the type of web server you have integrated with

Converting to PEM Format

If your SSL certificate and private key aren't already in PEM format, you first need to convert them. Nginx and most other applications accept certificates in PEM format. If they are already in PEM format, you can skip to the next section.

1. Open the OpenSSL utility included in the

   Companyname

   package here: \Agiloft\wildfly\bin\openssl.exe
2. Use these commands to make changes:
   • To convert the certificate from .cer to .pem format: openssl x509 -inform der -in certificate.cer -out certificate.pem
   • To convert the certificate from .pfx to .pem format: openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
   • To extract the key from the certificate: openssl x509 -inform der -in certificate.cer -pubkey -noout > certificate_publickey.pem
   • To remove the password from the key file: openssl rsa -in privateKey.pem -out newPrivateKey.

...

1. • pem
2. Now you can copy the PEM-formatted SSL certificate and private key into a directory on the server, such as C:\certs\.

Anchor
steps steps

Updating the SSL Certificate

If 

1. Copy the SSL certificate and the private key for it to a directory on the server, for example: C:\certs\. Make sure the certificate and the private key are in PEM format. 
2. Run the Setup.exe utility found under the 

   Companyname

   installation directory and access the server through HTTP on port 8888 with a web browser. The browser will show "Agiloft Setup Assistant".
3. Click the "Web Server" link to bring up the Web server settings page.
4. Select the checkboxes to enable Nginx HTTPS.
   
   Note: Nginx will reserve ports 80/443, so please set a different port for Jboss's internal web server - for example 8080/8443 - while enabling Nginx.

5. Scroll to the bottom of the page and specify the full path to the certificate and private key as shown in the screenshot below.
   

   Note: The certificates must be in the PEM format.

6. Click the "Change web server settings" button to apply and restart the application.

7. Test the new certificates by accessing the site via HTTPS through a browser, at https://www.<domain>.com/gui2/login.jsp.
   Note: If 

   Companyname

    is integrated with some other web server like IIS, please refer to the corresponding documentation from the vendor.

Generating a Self-Signed SSL Certificate

If you don't intend to purchase a certificate for the server, such as in cases where you are installing Agiloft for testing purposes only, you can install a self-signed certificate for the host.

You can generate a self-signed certificate using OpenSSL on a Linux system. On a Windows system, you can access the tool under C:\Agiloft\wildfly\bin or find an alternative source online.

Example

Below is a typical command to generate a self-signed certificate in PEM format:

Converting to Java Keystore Format

Several of Agiloft's built-in modules, like SAML SSO, require the SSL certificate in Java keystore format. You can use the ssl-cert-convert utility to convert the file.

Example

Below is a sample run of the tool.