Configuring SpanVA with a self-signed certificate

Article ID: 171064

Products

CASB Security Standard, CASB Security Premium, CASB Security Advanced, CASB Audit, CASB Gateway, CASB Gateway Advanced, Data Loss Prevention Cloud Package

Issue/Introduction

The customer needs their browser to trust SpanVA and wants to configure SpanVA with a self-signed certificate or

Resolution

You can use these procedures to establish trust for test installations and proof-of-concept testing.

Important: For production SpanVA deployments, we strongly recommend that you use a well-known CA signed certificate or a certificate signed by your trusted enterprise CA.

1. Create the certificate and key

Open a terminal window and use the following OpenSSL command to create a self-signed certificate and key (all on one line):

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt

After you issue this command, OpenSSL prompts you for more information, then creates the certificate and key pair example.crt and example.key.
Note: When OpenSSL prompts you for a common name, enter the SpanVA FQDN (if configured) or IP address.
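
Added example (not part of the original article): current Chrome releases match the host against the certificate's subjectAltName and ignore the Common Name, so a certificate that carries only a CN can still produce the browser warning after it is imported. The script below assumes OpenSSL 1.1.1 or later (for -addext and -ext); the function names and the sample host spanva.example.test are placeholders.

```shell
#!/bin/sh
# Added example; file names follow the article, the host is passed by the caller.

# Map the SpanVA FQDN or IP address to a subjectAltName value.
san_for_host() {
    case "$1" in
        *:*)       printf 'IP:%s\n' "$1" ;;   # IPv6 literal
        *[!0-9.]*) printf 'DNS:%s\n' "$1" ;;  # has letters or hyphens: a name
        *)         printf 'IP:%s\n' "$1" ;;   # digits and dots only: IPv4
    esac
}

# make_spanva_cert HOST [DIR]: write DIR/example.key and DIR/example.crt.
make_spanva_cert() {
    host=$1; dir=${2:-.}
    san=$(san_for_host "$host")
    mkdir -p "$dir" || return 1
    (
        umask 077    # the unencrypted key (-nodes) is readable by its owner only
        openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$host" -addext "subjectAltName=$san" \
            -keyout "$dir/example.key" -out "$dir/example.crt"
    ) || return 1
}

# check_spanva_cert HOST [DIR]: succeed only if the key belongs to the
# certificate and the certificate's SAN covers HOST.
check_spanva_cert() {
    host=$1; dir=${2:-.}; crt=$dir/example.crt
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/example.key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ] || return 1
    case "$(san_for_host "$host")" in
        IP:*)  openssl x509 -in "$crt" -noout -checkip "$host" |
                   grep -q 'does match' ;;
        # The generated certificate has exactly one SAN entry.
        DNS:*) openssl x509 -in "$crt" -noout -ext subjectAltName |
                   grep -qiF "DNS:$host" ;;
    esac
}

# Run as: sh make_cert.sh spanva.example.test   (constructed sample host)
if [ $# -ge 1 ]; then
    make_spanva_cert "$1" && check_spanva_cert "$1" && echo "example.crt ready for import"
fi
```

Run the check again before step 3 if the files were copied between machines; a key that does not match the certificate fails here rather than in the SpanVA upload form.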

2. Import the certificate as the trusted root CA

On Mac:

  1. Locate and double-click the example certificate you created earlier. Your Mac opens the Add Certificates box to prompt whether you want to add the certificate.
  2. From the Keychain menu, choose System, then click Add.
  3. If prompted, enter the admin username and password for your computer.
  4. Locate the new certificate in the list and double-click it. The certificate is listed by the IP address or FQDN you used as the Common Name when creating the certificate with OpenSSL.
  5. Click the arrow to expand the Trust area. Then, from the Secure Sockets Layer (SSL) menu, choose Always Trust.
  6. Restart Chrome.

On Windows:

  1. In Chrome, open Settings > Show Advanced Settings.
  2. In the HTTPS/SSL area, click Manage Certificates. Chrome opens the Certificates window.
  3. On the Certificates window, click Import and browse to the example.crt certificate.
  4. Click Install Certificate.
  5. On the Certificate Import Wizard, choose the certificate store Trusted Root Certification Authorities, then click Next.
  6. In the Certificates list, locate the new certificate and double-click it. Then make sure that in the Certificate Purposes area, the checkbox for Server Authentication is marked.
  7. Restart your Chrome browser.

3. Import the certificate into SpanVA

  1. In the SpanVA web interface, open the Certificates tab, then click Add Server.
  2. The Add Server Certificate panel opens.
  3. In the Select Server Certificate area, click Browse and locate the example.crt file you created with OpenSSL.
  4. In the Select Private Key File, click Browse and locate the example.key file you created with OpenSSL.
  5. In the Description area, enter a description for the certificate.
  6. Click Submit. The next time you open SpanVA in your browser, the browser trusts SpanVA and does not show a security alert.