In order to use SSL or TLS for any service you must install a server certificate. This can be done by purchasing a certificate from a trusted certificate vendor or by installing a self-signed certificate.
A self-signed certificate allows secure communication without the cost of purchasing a certificate. However, the certificate cannot be verified by a user's client or browser, which will display a warning. The user must then choose to continue with the certificate despite the trust warning.
Installing a purchased Certificate
- Purchase a certificate from a trusted source
- Open the Windows Start menu and click inside the “Search Programs and Files” box. Type “certmgr.msc” (without quotes) in the box and press “Enter” to open the Certificate Manager.
- Expand Personal and Certificates
- Right click Certificates and select All Tasks -> Import
- Complete the dialogs
- Restart FTGate and then select the certificate in the required services.
Creating a self-signed certificate
We have often been asked why we do not supply a certificate that can be installed on your PC to run WebMail etc.
There are various reasons but the main one is that you should use a real certificate that is unique to your installation.
It is simple to do this, and to make life easier we have put the required files into a self-extracting zip file and included a batch file that creates and installs a self-signed certificate. You can then use this certificate in FTGate.
Please note that using SSL does slow down all services that use it due to the overhead of encryption. So if you only use a service over the LAN there is no point in using SSL.
You can download the zip from here:
Download the file and run it, storing the files in a known location.
Then use the DOS command box to run the batch file with a single argument, the server domain name you wish to use. e.g.
This will create and install a certificate called www.myserver.com.
You should make this name the hostname of your computer as typed in your browser.
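To confirm the result of either procedure above, the following added example (not part of FTGate or its batch file) lists certificates in the Windows Personal stores that are valid for a given hostname and reports whether each has a private key, is self-signed, or has expired. The function names are hypothetical, and searching both the current-user and local-machine stores is an assumption, since the page does not say which store FTGate reads.

```powershell
# Added example, not FTGate code. Function names are hypothetical.

# True when a certificate name (exact or wildcard) covers the hostname.
function Test-NameMatch([string] $CertName, [string] $HostName) {
    if ($CertName.StartsWith('*.')) {
        # A wildcard covers exactly one leading label: *.example.com
        # matches www.example.com but not a.b.example.com.
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot) -ieq $CertName.Substring(1))
    }
    return $CertName -ieq $HostName
}

function Test-ServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName   # name as typed in the browser
    )
    # Assumption: check both "Personal" stores.
    $stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $found = $false
    foreach ($store in $stores) {
        foreach ($cert in Get-ChildItem -Path $store) {
            # Names the certificate claims: DNS names plus the subject CN.
            $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
            $names += $cert.GetNameInfo($nameType, $false)
            $hit = $names | Where-Object { $_ -and (Test-NameMatch $_ $HostName) }
            if (-not $hit) { continue }
            $found = $true
            [pscustomobject]@{
                Store         = $store
                Thumbprint    = $cert.Thumbprint
                # A server cannot use a certificate without its private key.
                HasPrivateKey = $cert.HasPrivateKey
                # Heuristic: subject equal to issuer indicates self-signed.
                SelfSigned    = $cert.Subject -eq $cert.Issuer
                Expired       = $cert.NotAfter -lt (Get-Date)
            }
        }
    }
    if (-not $found) {
        Write-Warning "No certificate in the Personal stores is valid for '$HostName'."
    }
}

# www.myserver.com is the example name used on this page.
Test-ServerCertificate -HostName 'www.myserver.com' | Format-Table -AutoSize
```

A row with HasPrivateKey set to False usually means only the public certificate was imported, so the service will not be able to use it for SSL.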