Installing an SSL certificate for HTTPS access

Owned by Kiss, Mate
Mar 03, 2023
2 min read

Overview

The Verba Recording System comes with a preconfigured HTTPS port for web access and HTTP access can be turned off.

In order to avoid HTTPS related security warnings when your end-users access the Verba web application you need to install an SSL certificate.

Generating or purchasing the SSL certificate for your solution is a customer responsibility. Verba can only assist with installation of the certificate.

Steps

Here are the steps to import your SSL certificate (the steps below assume that you have installed the product in the default folder):

Having .pfx or .p12 file instead of .crt and .key files? Scroll down for the conversion guide.

Step 1 - Copy the new .key and .crt files to the Verba Media Repository server.

Step 2 - Create a backup of C:\Program Files\Verba\tomcat\conf\server.xml

Step 3 - Open the server.xml file with an editor

The SSL configuration is around the 100th line and looks something like this:

server.xml till 9.6.16
<Connector
 SSLEnabled="true"
 port="443"
 protocol="org.apache.coyote.http11.Http11AprProtocol"
 clientAuth="false"
 scheme="https"
 secure="true"
 SSLCertificateFile="c:\Verba.crt"
 SSLCertificateKeyFile="c:\Verba.key"
 SSLPassword="verba123456"
 SSLCipherSuite="RC4-MD5:RC4-SHA:AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"
 SSLProtocol="SSLv3+TLSv1"
 URIEncoding="UTF-8"
 maxHttpHeaderSize="16384"
 />
server.xml in 9.6.17 and later
<Connector
 SSLEnabled="true"
 port="443"
 protocol="com.verba.util.tomcat.VerbaHttp11AprProtocol"
 clientAuth="false"
 scheme="https"
 secure="true"
 SSLCertificateFile="c:\Verba.crt"
 SSLCertificateKeyFile="c:\Verba.key"
 SSLPassword="Verba123456"
 SSLCipherSuite="RC4-MD5:RC4-SHA:AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"
 SSLProtocol="SSLv3+TLSv1"
 URIEncoding="UTF-8"
 maxHttpHeaderSize="16384"
 />

Change the SSLCertificateFile="c:\Verba.crt" to the new .crt file

Change the SSLCertificateKeyFile="c:\Verba.key" to the new .key file

Change SSLPassword="Verba123456" to the private key's encrypted password.

Optionally add an SSLCertificateChainFile setting, and specify the intermediate certificate file.

Step 4 - Restart Verba Web Application Service

Creating .key and .crt files from .p12 or .pfx file

Step 1 - Download the OpenSSL from here: https://indy.fulgan.com/SSL/openssl-1.0.2q-i386-win32.zip

Step 2 - Extract the downloaded .zip file and start the openssl.exe

Step 3 - Execute the following commands:

For .p12 files
pkcs12 -in yourP12File.p12 -nocerts -out privateKey.pem
pkcs12 -in yourP12File.p12 -clcerts -nokeys -out publicCert.pem
For .pfx files
pkcs12 -in yourPfxFile.pfx -nocerts -out privateKey.pem
pkcs12 -in yourPfxFile.pfx -out publicCert.pem
x509 -inform pem -in publicCert.pem -pubkey -out publicCert.pem -outform pem

When it asks for a password enter the password of the certificate

 Step 4 - Change the created privateKey.pem to .key and publicCert.pem to .crt


Encrypt the private key's password 

AVAILABLE IN 9.6.17 AND LATER 

In the webserver's configuration file the private key's password is stored in an encrypted form. During the software installation, the installer handles the password encryption. However, if the private key's password is changed without upgrading the system, the following process can be used to encrypt the password.

 Step 1 - Open a command prompt in the Verba Media Repository server and execute the following command

> "C:\Program Files\Verba\bin\pwenc.exe" -t=tomcatssl PRIVATE_KEY_PASSWORD

Step 2 - Copy the output result and insert it in the server.xml file as SSLPassword attribute value like above