Using https (SSL) for the AppGate Clients download page.
Description:
- Install OpenSSL. This can be done on either the AG server or on another machine. Source code is provided on the AppGate CD. For this example, OpenSSL 0.9.5a-beta1 20 Mar 2000 was used. (For OpenSSL errors and problems, please go to the OpenSSL website, www.openssl.org.)
- Generate a CSR (Certificate Request) to be submitted to your CA. (We used Thawte (www.thawte.com) as CA since they have the ability to generate test certificates for free. The test certs are valid for 21 days, which should be long enough for testing.)
Do the following to generate the CSR:
"openssl genrsa 1024 > appgateserver.my.domain.key"
(The key size in bits is 512 or 1024; 512 can be given instead of 1024.)
Important!! Use no passphrase!! (i.e. no -des3)
"openssl req -new -key appgateserver.my.domain.key > appgateserver.my.domain.csr"
The file "appgateserver.my.domain.csr" is your CSR.
While generating the CSR you will be asked lots of questions. Enter appropriate answers. The CN or "YOUR name" should be appgateserver.my.domain. (Of course appgateserver.my.domain should be replaced with the appropriate info.)
(Your CA should be able to provide you with more details about this process. Use the same info as for Apache-SSL. Thawte provides info for this here.)
- Submit the CSR to your CA, together with all other required documentation, info and payment.
- You should receive your certificate from the CA. Make sure that it is in the correct format. (Apache-OpenSSL compatible format should work. It is X509 format, base64 encoded. Thawte gives info about it here.)
- Transfer the key file (appgateserver.my.domain.key) and the certificate (let's call it "appgateserver.my.domain.crt") to the AppGate server.
- Concatenate the two files, i.e.:
"cat appgateserver.my.domain.crt appgateserver.my.domain.key > appgateserver.my.domain.all"
- Tell ag_httpd to use this file:
"ag_cfggetset -s ag_httpd.certfile /var/opt/appgate/certs/appgateserver.my.domain.all"
- Restart ag_httpd by running "/etc/init.d/ag_httpd restart".
You are now done! The AppGate webserver should begin listening on port 443 (SSL port) as well as port 80.
By default though, port 80 will be used by the clients. To remedy that, change the links to use "https" instead of "http", i.e.: https://appgateserver.my.domain/
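The concatenation step above, as an added example that is not part of the original AppGate instructions: a shell function that refuses to build the combined file unless the certificate and the passphrase-less key belong together, and that creates the file readable by its owner only, since it contains the private key in cleartext. The function name build_certfile and the owner-only mode are assumptions; the file must remain readable by the account ag_httpd runs as.

```shell
#!/bin/sh
# Added example (hypothetical helper, not an AppGate tool).
# Usage: sh build_certfile.sh CERT KEY OUT

build_certfile() {
    crt=$1 key=$2 out=$3

    # Public key embedded in the certificate returned by the CA.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2; return 1; }

    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail instead of prompting (the key must have no passphrase).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read unencrypted private key: $key" >&2; return 1; }

    # A mismatch means the CA signed a CSR made from a different key.
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "certificate and key do not belong together" >&2
        return 1
    fi

    # The output holds a cleartext private key: create it owner-only.
    (umask 077 && cat "$crt" "$key" > "$out") || return 1
    chmod 600 "$out"
}

# Run only when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    build_certfile "$@"
fi
```

The resulting file is the one to pass to ag_cfggetset as ag_httpd.certfile.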