Replace Self-signed Certificate¶
By default, Securden comes bundled with a self-signed certificate. You can add your own Certificate Authority signed certificate by following the steps below.
Securden requires the certificate and the private key separately. If you have the CA certificate in .pfx format, follow the steps below:
- Download OpenSSL (if you don't have that installed already).
You can download OpenSSL from here. Make sure the bin folder under the OpenSSL installation is included in the PATH environment variable.
- Copy your certificate (e.g., certificate.pfx) and paste it in the system from where you can execute OpenSSL.exe.
The *.pfx file is in PKCS#12 format and includes both the certificate and the private key.
-
Run the following commands to export the private key.
openssl pkcs12 -in certificate.pfx -nocerts -out securden-key.pem -nodes openssl rsa -in securden-key.pem -out securden-key
-
Run the following command to export the certificate.
openssl pkcs12 -in certificate.pfx -nokeys -out securden-cert.pem
Once you execute the above steps, you will get an SSL certificate and a private key.
-
Copy the certificate and private key created above and navigate to
/conf directory and paste the keys. -
In services.msc, restart Securden PAM Service.
Troubleshooting tip
- In some cases, the PEM file does not contain the private key, and this brings up the error - Expecting: ANY PRIVATE KEY. Ensure that you have the key along with the certificate.
- Ensure that the .pfx file is in PKCS#12, as this format holds both the certificate and key in it. Hence, we recommend the certificate be exported in PKCS#12 format to extract the certificate and key separately.
If the issue persists, you may write to us at support@securden.com