SSL Configuration - Sjakil/gunthy-gui GitHub Wiki

What is an SSL certificate?

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of most sites.

SSL Certificates bind together:

  • A domain name, server name or hostname.
  • An organizational identity (i.e. company name) and location.

Taken from: https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate/

GUI Options

When using the GUI you've got three options:

SSL Configuration

Upload certificate

In case you already have a certificate (for example from using the LetsEncrypt service), you can upload it to the GUI. Please note that the GUI only accepts your certificate in PEM format.

Self signed certificate

For most users that do not already have a certificate, there is a shortcut available called a self signed certificate. As the name suggests, this method involves generating a certificate by yourself, on your own machine. Using such a certificate means that your browser will give you a warning about the fact that it was not generated by a certified authority. You can ignore this warning, https will still be enabled.

In order to generate a self signed certificate, you will need OpenSSL installed on your system. Please read the instructions specific to your operating system.


Linux

On linux systems, OpenSSL should be available out of the box. No need to take any action.


Windows

Installing OpenSSL on Windows is the most challenging but can be done using the following steps:

We will use "C:\OpenSSL" as OpenSSL directory in this example, please change it everywhere in case you use a different location.

Step 1) Download and unzip Fulgan OpenSSL to your folder.

https://indy.fulgan.com/SSL/openssl-1.0.0t-x64_86-win64.zip

Step 2) Download OpenSSL configuration file and place it into your OpenSSL folder

https://gunthygui.com/openssl.cfg

(this is a default configuration file, taken from http://www.flatmtn.com/article/setting-openssl-create-certificates)

Step 3) Add system environment variables

The GUI needs to know where to locate OpenSSL. This can be specified using the environment variable PATH. In order to change this variable, please locate the configuration window shown in the screenshot below. You can access it by opening an explorer window, then right-clicking on "This PC" or "Computer" and finally, clicking "Properties".

Depending on your version of windows please pick one of the following two methods:

Method #1) Locate the PATH variable and add the OpenSSL directory to the existing text, preceded by a semi colon.

EXISTING_DIRECTORIES_HERE;C:\OpenSSL

Method #2) Simply add a new entry pointing to your OpenSSL directory.

Next, a second environment variable needs to be configured so that OpenSSL can find it's configuration file. Add a new variable by the name OPENSSL_CONF and set the value to C:\OpenSSL\openssl.cfg

Environment variables

Restart your GUI, the "Generate" button should now work.


MacOS

You can use Homebrew on MacOS to install OpenSSL. Open a terminal window and execute following commands:

Step 1) Install Homebrew (https://brew.sh/)

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Step 2) Install OpenSSL using homebrew

brew install openssl

Restart your GUI, the "Generate" button should now work.

No certificate

You can use this option if you don't want to do the initial SSL configuration setup (and hopefully do it later).