SSL Certificates and Bomgar
In this guide, you will learn about the role of SSL certificates in Bomgar — why they are needed and how to use them.
What is SSL?
SSL (Secure Socket Layer) is a security protocol that uses encryption to ensure the secure transfer of data over the internet. An SSL certificate is a small digital file that contains a public key and private key pair, along with a "subject," which is the identity of the certificate owner. These keys work in a way that allows for the creation of a secure, encrypted connection between both parties. For example, in order for a browser and a server to establish a secure connection, an SSL certificate is needed. Essentially, an SSL certificate works as a certified, digital proof of your online identity.
Before Bomgar can provide your custom software package, your Bomgar Appliance must have a valid SSL certificate installed that matches the hostname you have selected for your Bomgar support site.
When properly installed, an SSL certificate validates the identity of your support site and allows software such as web browsers and Bomgar clients to establish secure, encrypted connections.
If your SSL certificate does not match your support site's hostname, your users will experience security errors. The proper way to resolve this is to get an SSL certificate signed by a third-party certificate authority (CA).
As a temporary measure, you can create a self-signed certificate, but this will not resolve all of the errors that come with not having a CA-signed certificate. If your site uses the factory default certificate or even if it uses a self-signed certificate, customers attempting to access your support portal will receive an error message warning them that your site is untrusted. Furthermore, without a CA-signed certificate, some software clients will not function at all. Bomgar software clients which absolutely require the heightened security of a CA-signed certificate include:
- iOS and Android software clients (representative consoles, customer clients, SDK)
- Linux software clients (representative console, customer client)
- Click-to-chat sessions
To have full functionality of the Bomgar software and to avoid security risks, it is very important that you obtain a valid CA-signed SSL certificate as soon as possible.
You can obtain an SSL certificate from a commercial or public certificate authority or from an internal CA server if your organization uses one. Bomgar does not require customers to obtain a certificate from a select list of certificate authorities.
Bomgar does not require any special type of certificate. Bomgar does accept wildcard certificates, subject alternative name (SAN) certificates, Unified Communications (UC) certificates, Extended Validation (EV) certificates, and so forth, as well as standard certificates.
The sections in this guide explain how to request and upload a certificate for the first time, how to replicate a certificate on additional Bomgar Appliances, how to renew an expired certificate, and how to replace a certificate with one from another certificate authority.