SSL Certificates and Bomgar
Note: For the Privileged Access Management SSL certificate guide, see SSL Certificates and Bomgar Privileged Access Management.
In this guide, you will learn about the role of SSL certificates in Bomgar — why they are needed and how to use them.
What is SSL?
SSL (Secure Socket Layer) is a security protocol that uses encryption to ensure the secure transfer of data over the internet. An SSL certificate is a small digital file that contains a public key and private key pair, along with a "subject," which is the identity of the certificate owner. These keys work in a way that allows for the creation of a secure, encrypted connection between both parties. For example, in order for a browser and a server to establish a secure connection, an SSL certificate is needed. Essentially, an SSL certificate works as certified, digital proof of your online identity.
Before Bomgar can provide your custom software package, your Bomgar Appliance must have a valid SSL certificate installed that matches the hostname you have selected for your Bomgar site.
When properly installed, an SSL certificate validates the identity of your Bomgar site and allows software such as web browsers and Bomgar clients to establish secure, encrypted connections.
What is a Certificate Authority?
The CA or Issuing Authority issues multiple certificates in a certificate chain, proving that your site's certificate was issued by the CA. This proof is validated using a public and private key pair. The public key, available to all of your site visitors, must validate the private key in order to verify the authenticity of the certificate chain. The certificate chain typically consists of three types of certificate:
Root Certificate – The certificate that identifies the certificate authority.
Intermediate Root Certificates – Certificates digitally signed and issued by an Intermediate CA, also called a Signing CA or Subordinate CA.
Identity Certificate – A certificate that links a public key value to a real-world entity such as a person, a computer, or a web server.
If your SSL certificate does not match your Bomgar site's hostname, your users will experience security errors. The proper way to resolve this is to get an SSL certificate signed by a third-party certificate authority (CA).
As a temporary measure, you can create a self-signed certificate, but this will not resolve all of the errors that come with not having a CA-signed certificate.
- iOS and Android software clients (representative consoles, customer clients, SDK)
- Linux software clients (representative console, customer client)
- Click-to-chat sessions
How do I obtain a CA-signed SSL certificate?
Once the CSR has been created, the appliance generates and saves a unique private key. You must then submit the CSR to a CA without the private key. The CA validates the identity of your site and returns a signed certificate to you, which you must install on your Bomgar Appliance.
Never send the private key over the internet, and always secure it with a strong password.
To have full functionality of the Bomgar software and to avoid security risks, it is very important that you obtain a valid CA-signed SSL certificate as soon as possible.
You can obtain an SSL certificate from a commercial or public certificate authority or from an internal CA server if your organization uses one. Bomgar does not require customers to obtain a certificate from a select list of certificate authorities.
Bomgar does not require any special type of certificate. Bomgar does accept wildcard certificates, subject alternative name (SAN) certificates, Unified Communications (UC) certificates, Extended Validation (EV) certificates, and so forth, as well as standard certificates.
The sections in this guide explain how to request and upload a certificate for the first time, how to replicate a certificate on additional Bomgar Appliances, how to renew an expired certificate, and how to replace a certificate with one from another certificate authority.