Security

Certificates: Create and Manage SSL Certificates

Manage SSL certificates, creating certificate requests, importing certificates signed by a certificate authority, and setting your IP address to be secured by your certificate.

Certificate Installation

Security :: Certificate Installation

The Bomgar Cloud Appliance comes with a pre-installed certificated signed by a certificate authority (CA). This certificate validates the *.bomgarcloud.com domain. If you wish to change the fully qualified domain name (FQDN) of your appliance, you must install a CA-signed certificate which validates your new FQDN. To do this, you must create a certificate signing request (CSR) from the Bomgar Cloud Appliance as described below. For more details on certificates, see SSL Certificates and Bomgar.

Security :: Certificates :: New Certificate

To create a certificate request, click Create. In Certificate Friendly Name, enter a name you will use to identify this certificate. From the Key dropdown, choose the Existing Key of your *.bomgarcloud.com certificate. Enter the remaining information pertaining to your organization.

In the Name (Common Name) field, enter a descriptive title for your Bomgar site.

In the Subject Alternative Names section, enter your Bomgar site hostname and click Add. Add a SAN for each DNS name or IP address to be protected by this SSL certificate.

Note: DNS addresses can be entered as fully qualified domain names, such as access.example.com, or as wildcard domain names, such as . A wildcard domain name covers multiple subdomains, such as access.example.com, , and so forth.

Click Create Certificate Request.

Security :: Import Certificate

To use a CA-signed certificate, contact a certificate authority of your choice and purchase a new certificate from them using the CSR you created in Bomgar. Once the purchase is complete, the CA will send you one or more new certificate files, each of which you must install on the Bomgar Appliance.

To upload your new certificate files, click Import. Browse to the first file and upload it. Repeat this for each certificate sent by your CA. Often, a CA will not sent their root certificate, which must be installed on your Bomgar Appliance. If the root is missing, a warning appears beneath your new certificate: "The certificate chain appears to be missing one or more certificate authorities and does not appear to terminate in a self-signed certificate".

To download the root certificate for your appliance certificate, check the information sent from your CA for a link to the appropriate root. If there is none, contact the CA to obtain it. If this is impractical, search their website for their root certificate store. This contains all the root certificates of the CA, and all major CAs publish their root store online.

Usually, the easiest way to find the correct root for your certificate is to open the certificate file on your local machine and inspect its "Certification Path" or "Certificate Hierarchy". The root of this hierarchy or path is typically shown at the top of the tree. Locate this root certificate on the root store of your CA's online root store. Once done, download it from the CA's root store and import it to your Bomgar Appliance as described above.

IMPORTANT!

Your new SSL certificate will not become active until it is assigned to the IP address of your appliance. Follow the instructions below to complete this process.

Before you can assign your certificate to your IP address, you must register a DNS CNAME record and then update your appliance with a software update from Bomgar Support. To register your CNAME record, contact the DNS registrar of your choice, and purchase a CNAME record which resolves the new FQDN of your choice (e.g., support.example.com) to the original FQDN of your appliance (e.g., support.bomgarcloud.com). Once done, send an email to Bomgar Support to ask for your new update. Include the original bomgarcloud name of your appliance, the new CNAME of your appliance, and a copy of your new root certificate.

Bomgar Support will build your new update and send installation instructions for it. Once the new update is complete, return to the certificates configuration page of your Bomgar Cloud Appliance and assign the IP of the applaince to the new certificate. To do this, click the Assign IP link in the Certificates record for the certificate which has the Alternative Name(s) of your new CNAME record. On the resulting page, check the box for your IP Addresses and click Save Configuration. After the page reloads, the installation process is complete and your new CNAME should be fully operational.

Certificates

View a table of SSL certificates available on your appliance.

 

 

 

Security :: Certificates :: Edit Certificate Configuration

Click a certificate name to view details, manage its certificate chain, and assign your IP address for this certificate to secure.

 

Security :: Certificates :: Select Action

To export one or more certificates, check the box for each desired certificate, select Export from the dropdown at the top of the table, and then click Apply.

 

Security :: Certificates :: Export

If you are exporting only one certificate, you immediately can choose to include the certificate and/or the certificate chain if available. Click Export to start the download.

 

Security :: Certificates :: Export

If you are exporting multiple certificates, you will have the option to export each certificate individually or in a single PKCS#7 file.

When selecting to export multiple certificates as one file, click Continue to start the download. With this option, only the actual certificate files will be exported, without any certificate chains.

 

Security :: Certificates :: Export

To include certificate chains in the export, select individual export and click Continue to view all selected certificates. For each listing, choose to include the certificate and/or the certificate chain if available. Click Export to start the download.

 

Security :: Certificates :: Select Action

To delete one or more certificates, check the box for each desired certificate, select Delete from the dropdown at the top of the table, and then click Apply.

Note: Under normal circumstances, a certificate should never be deleted unless it has already been successfully replaced by a working substitute.

 

Security :: Certificates :: Delete

To confirm accuracy, review the certificates you wish to delete, and then click Delete.

 

Certificate Requests

Security :: Certificate Requests

View a table of pending requests for third-party-signed certificates. Click a certificate request name to view details.

 

Security :: Certificates :: View Request

The detail view also provides the request data you will give your preferred certificate authority when requesting a signed certificate.

Note: If you are renewing a certificate, use the same certificate Request Data that was used for the original certificate.

 

Security :: Certificate Requests :: Select Action

To delete one or more certificate requests, check the box for each desired request, select Delete from the dropdown at the top of the table, and then click Apply.

 

Security :: Requests :: Delete

To confirm accuracy, review the certificate requests you wish to delete, and then click Delete.

 

Keys

Security :: Keys

View a table of private keys associated with certificates and certificate requests on your appliance. Click a linked certificate name or request name to view details about that associated item.

 

Security :: Keys :: Select Action

To export one or more private keys, check the box for each desired key, select Export from the dropdown at the top of the table, and then click Apply.

 

Security :: Keys :: Export

For each private key you are exporting, choose if you want to include an associated certificate. If the key applies to more than one certificate, select which certificate to include. Certificate requests cannot be included in the export. Optionally, secure the private key with a passphrase. Click Export to start the download.

 

Security :: Keys :: Select Action

To delete one or more private keys, check the box for each desired key, select Delete from the dropdown at the top of the table, and then click Apply.

 

Security :: Keys :: Delete

To confirm accuracy, review the private keys you wish to delete, and then click Delete.

Note: Keys associated with certificates in use (those with assigned IP addresses) cannot be deleted.