RG049 – Replacing the HyperDrive certificate

By Rob Aarts

 

This article will illustrate how to replace the self-signed certificate in your RES HyperDrive virtual appliance, with your own public company certificate. You can also use the information in this article for setting up you HyperDrive virtual appliance for the first time.

Shopping list:

To get started, you will need three types off certificates to get your appliance up and running with your own domain certificate:

  • SSL certificate: You obtain this certificate from your public CA (Certificate Authority) vendor (domain certificate), such as Verisign, Thawte, etc.
  • SSL Key: This one you will need to create yourself. This article will show you how.
  • CA Bundle: This one you will get from your public CA vendor as well (The CA bundle is the file that contains root and intermediate certificates of your public CA).

 

Acquiring your public company certificate:

In order to generate this, I did a certificate request in Microsoft IIS7.0 (send it to an public CA like this), a little while later I got back my SSL certificate which i implemented back in IIS7.

After that you need to export the certificate to a "*.PFX" file. Here is how to do it step by step:

  1. Start IIS Manager. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In the console tree, click the name of the computer.
  3. In the IIS section of the center pane, double-click Server Certificates.
  4. Right-click the certificate (.cer file) in the center pane, and then click Export.
  5. Select the location for the exported file, type the name for the file (with the .pfx extension), then type and confirm the password to encrypt the private key.
  6. Click OK and you're done.

 

Converting the .pfx file to .key" format

First download and install the OpenSSL tool, as we need it for conversion. You can download it from my HyperDrive here or this mirror here. Open an [admin elevated] command prompt and go to "%programfiles%\GnuWin32\bin", and run the following two commands:

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

The last .KEY file is the one we need.

 

Rip And replace

For installing the SSL certificates, I used the RIP and replace method because IMHO this is the easiest way to do it. If you're a Linux expert, you might want to check out Q203494 on the RES KB. Important: Be sure to follow that particular procedure to secure your company information!

In the HyperDrive web setup, make sure you first type your appliance domain name and then disable the create self-signed certificate checkbox.

 

Wildcard certificates

A Wildcard SSL certificate secures your domain URL, and an unlimited number of its subdomains. For example "Hyperdrive.robaarts.nl" and "website.robaarts.nl". in my case I requested an "*.robaarts.nl" certificate.

In case you use a wildcard certificate you will need to adjust one more thing on the appliance!
log on to your appliance and edit the hyperdrive.ini file. If you aren't familiar with editing text files in the UNIX vi editor, here is a step-by-step:

  1. Log on to the console of the virtual appliance if you haven't done so already
  2. Then type: vi /usr/local/nomadesk-download/etc/branding/hyperdrive.ini
  3. Use the "up and down keys" to move to a line that looks like this: TrustedDomains="www.google.com;*.nomadeskpartner.com;@DOMAIN@;@DOMAIN_HYPERDRIVE@;*.robaarts.nl"
  4. Hit the "insert" key and type your wildcard domain name like I did in the line above
  5. To save and exit, hit Esc and type ":wq" without the quotation marks, and hit enter.
  6. Type reboot"

 

Finally…

At the installation your client uses the certificates that are installed on your appliance, So you will need to uninstall your Windows HyperDrive client and download and install a new one to get your HyperDrive client running again (No need for this for the Android and IOS app).

Your feedback makes my articles even better ;-).

 

1 Comment

Other Links to this Post

  1. Replacing the RES HyperDrive SSL Certificate | Virtual Engine — July 1, 2014 @ 07:37

RSS feed for comments on this post. TrackBack URI

Leave a comment

You must be logged in to post a comment.