SSL Certificate Requirement
All Bomgar software communication occurs via secure, encrypted connections. These rely on the industry standard Secure Sockets Layer (SSL) technology and DNS address of the appliance. Bomgar Appliances ship with a default certificate which secures the initial connection to the 169.254.1.x management address. However, this will not satisfy the requirements of Bomgar's client software, which runs more rigorous validation checks than standard web browsers. Therefore, before Bomgar can provide you with a fully operational software licensing package, your Bomgar Appliance will need to have a valid SSL certificate installed that matches the DNS A-record you have registered for your appliance.
A valid SSL certificate can be either a certificate authority-signed (CA-signed) SSL certificate or a self-signed SSL certificate. CA-signed certificates are required to fully leverage all of Bomgar's functionality (e.g., click-to-chat and mobile clients), but they require that a certificate signing request (CSR) be submitted to the CA. The CSR is an industry standard used by all network devices and software which use SSL. If a CSR/CA-signed certificate is used instead of a self-signed certificate, the CA-signed certificate must be downloaded from the CA's website (or certificate purchase email) and imported to the Bomgar Appliance from the /appliance interface.
For more information on how Bomgar uses SSL certificates as well as detailed configuration steps to request and install certificates in Bomgar, see the SSL Certificates Guide. The section Create an SSL Certificate describes the steps for initial configuration in detail. An overview of the process is given below.
- Log into the Bomgar /appliance interface and create a certificate signing request (CSR) or self-signed certificate.
Note: If the Bomgar Appliance will be using a copy of the certificate from another Bomgar Appliance or server, no CSR or self-signed certificate is necessary. Instead, export the certificate with its private key from the system on which it currently resides and import it to the Bomgar Appliance. For detailed steps, see the section Replicate the SSL Certificate on Failover and Atlas Appliances in the SSL Certificates Guide.
- Assign the new certificate to the IP address(es) of the Bomgar Appliance.
- Send Bomgar Technical Support a copy of the SSL root certificate and/or appliance DNS address. Also send a screenshot of the /appliance > Status > Basics page.
Note: If a self-signed certificate is used, the certificate serves as its own root certificate, and therefore, the self-signed certificate should be sent to Bomgar Technical Support. If a CA-signed certificate is used, contact the CA for a copy of their root certificate. If you have trouble contacting the CA, articles to assist with obtaining your root certificate can be found at help.bomgar.com. In either case, Bomgar Technical Support will need to know the DNS address of the appliance. If your DNS address is public and the SSL certificate is already installed, Support can retrieve a copy of the root from the public DNS address; in this case, it is not necessary to manually send the root certificate. If you send the SSL certificate, be sure it is in PKCS#7 (.p7b) format or DER (.cer) format. Do not send PKCS#12 (.p12 and .pfx).
Once the above steps are complete, Bomgar Technical Support encodes the DNS hostname and SSL root certificate into a new software licensing package, sends it to the Bomgar licensing servers for building, and then sends you instructions to install the newly-built package once it is complete.