Blog

Archive for Certificates

How to export a certificate created with #WebhostingManagement to .PFX with Core-Admin

[extoc]

Introduction to certificates generated with #WebhostingManagement

By default, all certificates created by the #WebhostingManagement uses .PEM format, which is suitable for most configurations.

In the case you want to export one of these certificates to .PFX format, follow next steps.

Prerequisites

You need to have a working #WebhostingManagement installation with a certificate already installed (completed or flagged as ready).

You will need Administrator rights too (application admin, machine admin or platform admin).

Exporting a certificate to .PFX with Core-Admin

Get into the panel, click on the machine to manage or application (if you only have application admin rights) and click on the #WebhostingManagement application:

Launching #WebhostingManagement application

Then click to launch “export to .pfx” option:

Download certificate in PFX format

 

Now select certificate to export. Only completed certificates (.CSR signed, sent to certificate authority, and got back response to complete certificate) and certificates flagged as ready will be showed for export.

Selección_265

After that, a window will appear with a link to download .pfx certicate. Click on it and your are done.

Selección_266

 

Posted in: Apache2, Certificates, Web hosting

Leave a Comment (0) →

Configuring Let’s encrypt for Core-Admin panel’s certificate

Configuring Let’s encrypt for Core-Admin panel’s certificate

The following short guide will give you tips on how to configure let’s encrypt certificate for your Core-Admin web administration panel. That is, the certificate used by the panel to secure all comunication between your web browser and the Core-Admin server.

These indications depends on the current status of your Core-Admin installation and your preference about doing it from console or using the web panel.

Having a working Core-Admin server: upgrade to let’s encrypt certificate

If you have a working Core-Admin with web access, you can install “Let’s encrypt Management” application and then use the specific option to request and configure a Let’s encrypt certificate for your local server. Here is how:

After you have installed the tool (or if you already have it), open the tool, and follow these steps:

Let's encrypt management -> Actions -> Certificate for Core-Admin server  (follow instructions from there)

Having a working Core-Admin server with let’s encrypt already deployed: console command

In the case you are already using Core-Admin with let’s encrypt tool, you can use the following command to request, install and reconfigure your core-admin server with a let’s encrypt certificate:

>> crad-lets-encrypt.pyc -s <your-contact-email>

Configuring let’s encrypt certificate just after finishing Core-Admin installation using core-admin-installer.py

In the case you have just installed core-admin, you can use the following command to install Let’s encrypt application, Certificate manager and request the certificate for your core-admin server:

>> cd /root
>> wget http://www.core-admin.com/downloads/core-admin-installer.py
>> chmod +x core-admin-installer.py
>> ./core-admin-installer.py --core-admin-le-cert=<your-contact-email>

The difference between this command and crad-lets-encrypt.pyc is that the later is only available when you already have Let’s encrypt management tool installed. Otherwise crad-lets-encrypt.pyc will not be available.

Posted in: Administration, Certificates, Core-Admin, Let's Encrypt, Security, SSL/TLS

Leave a Comment (0) →

Let’s encrypt: trusted SSL/TLS certificates for everyone

letsencrypt-128x128Let’s encrypt (http://letsencrypt.org) now is making it possible for everyone to have access to trusted certificates for free. It does it by using a client that implements the ACME protocol (https://github.com/ietf-wg-acme/acme/), which allows you to get access to the Let’s encrypt infrastructure to request and issue a certificate for your domains.

This is a very important step to secure even more the internet by making possible that, at least, all administration panels can get secured with it. We are talking about “at least administration panels” because it is still possible that you might be interested in legacy SSL/TLS certificates where it can include your contact information or, for legal or techical reasons, you might need a certificate signed by a particular vendor.

In any case, this new technology, promoted by important vendors involved in promoting the web, will provide a secure and trusted solution for many of our devices (routers, IoT “things”, appliances, etc) to have them secured with a https:// page running a SSL/TLS certificate…for free!

So, there’s no excuse anymore to protect your sensitive web pages, especially those running critical services with http:// administration panels.

Core-Admin and Let’s encrypt management application

Core-Admin now support Let’s encrypt by fully integrating it with an easy to use graphical interface that allows to easily locate web pages running at your servers, and request a certificate for them.

This new application is available from Core-Admin revision 4615. Check the following Let’s encrypt for Core-Admin manual to know more details about it: http://www.core-admin.com/portal/applications/lets-encrypt

Posted in: Administration, Certificates, Security

Leave a Comment (0) →

Connecting to your Core-Admin web panel

Introduction: how to connect to Core-Admin server

Core-Admin provides a web panel interface to administrate and monitor services, applications and machines. To get a real-time interaction between users and these machines’ services, Core-Admin takes advantage of  BEEP (Block Extensible Exchange Protocol http://www.beepcore.org).

However,  BEEP is based on TCP/IP and this protocol is not available “as is” in the current web browsers and it is not likely to be in the near future. For that, Core-Admin uses two methods (and there may be more in the future) to enable TCP/IP availability (in fact, something similar), so your browser can talk “BEEP” with the central server it is trying to connect to.

These methods, both available through jsVortex, are the following:

  • WebSocket: if the browser has support for this new technology, it will be the default choice.
  • JavaSocketConector: otherwise, Core-Admin will use a java applet to enable TCP/IP access.

All modern browsers (those comming out since 2010), including Internet Explorer 8 and so forth, includes support for JavaSocketConnector. In fact, any browser that has support for Java will have support for JavaSocketConnector.

Steps to connect

By default, your Core-Admin web-client will try to connect through WebSocket (this is done automatically). In the case it is not posible (because WebSocket isn’t detected), JavaSocketConnector will be enabled. At any time, you enable/force to use a particular interface by clicking on the link at the bottom left part of the interface:

In the case your browser does not support WebSocket, Core-Admin will detect it and will enable JavaSocketConnector interface without making you to pay attention to this detail.

You’ll see this is happening when your core-admin is loaded from an URL direction ending by: /index-java.html

In both cases, using WebSocket or JavaSocketConnector, your core-admin client will attempt to connect through the 602/TCP port. Therefore, be sure there is no firewall blocking that internet connection.

Connecting to your core-admin server without a signed certificate while using WebSocket

If your Core-Admin server doesn’t have a TLS/SSL signed certificate (signed by a known party), then it is possible you’ll receive the following error when connecting using WebSocket (failed to connect to wss://):

Assuming your BEEP server is there (because that error may be confused by just having your server down), this is because the browser is detecting the certificate isn’t signed or it cannot be trusted. Users have complained about browsers not providing a dialog to accept even this connections, anyhow, current options to solve this problem are:

  • To get a TLS/SSL certificate signed by a known party. It is by far the easiest solution and it is also the recommended way in the case you expect to provide access to general users (for example, for webhosting services), but it involves a cost for signing the certificate. Core-Admin users have especial prices for certificate signing, see next: core-admin certificates.
  • To use JavaSocketConnector which doesn’t suffers from this problem.
  • Create a browser exception to allow this connection.

Creating a browser exception to enable WebSocket without certificate

Next, we will show you how to add an exception for various web browsers:

  • Google Chrome: create a direct access which runs the following command:
    >> google-chrome –ignore-certificate-errors –user-data-dir=/tmp/core-admin
  • Mozilla Firefox: get into certificate management section and add an exception. For that, select Edit -> Preferences -> Advanced -> Cyphering -> View certificates -> Add exception. Inside, add the core-admin’s server direction to which you are trying to connect to, for example: wss://core-admin.servidor.com:602
    It is really important to pass the right server name (the one provided in the installation) to make it match with the url access.

Core-admin browsers compatibility table

Next it is shown currently web browsers supported by Core-Admin, showing versions and connection method available for each of them:

Google Chrome Firefox Safari Internet Explorer Opera
WebSocket (RFC6455) support 16.0 or higher 11.0 or higher 6.0 or higher 10 or higher 12.0 or higher
Support for JavaSocketConector
(requires java applet)
13.0 or higher 2.0 or higher 5.0 or higher 8 or higher 8.0 or higher
Requires signed certificate when using WebSocket?
Can be added an exception while using WebSocket?

 

Posted in: Certificates, Core-Admin, JavaSocketConnector, WebSocket

Leave a Comment (0) →