SSL / TLS is enabled by default in FireDaemon Fusion via a self-signed digital certificate. FireDaemon Fusion allows you to install your own self-signed or CA-signed SSL / TLS server certificate.
Note: Unless SSL is explicitly disabled in the FireDaemon Fusion settings, accessing a FireDaemon Fusion web page must always be through HTTPS, e.g. https://localhost:20604/
Sections:
- Download a Free Self-Signed Certificate
- Use FireDaemon OpenSSL to Create Your Own Self-Signed Certificate
- Use a Certificate from a Certificate Authority (CA)
Note: The use of a self-signed certificate will cause a web browser to display a security alert message when viewing a FireDaemon Fusion page. If you do not want to see this security message, an SSL certificate must be purchased from a trusted Certificate Authority.
Important: If a password or passphrase is used to protect your SSL .key file, please ensure that the password or passphrase is securely preserved and never lost. There is no way to recover a lost or forgotten password or passphrase.
Download a Free Self-Signed Certificate
You can replace the standard FireDaemon Fusion self-signed digital certificate with another self-signed certificate. The easiest way to obtain a free SSL / TLS self-signed certificate is through the site selfsignedcertificate.com. This site provides basic self-signed certificates at the press of a single button.
Note: These certificates contain minimal information and the web site provides no control over the certificate's fields or values. These certificates should only be installed on development or staging servers, never on production servers.
- In a web browser, navigate to the site selfsignedcertificate.com.
- In the Server name field, enter the domain name or IP address of your FireDaemon Fusion server and click the Generate button.
For example: www.firedaemon-fusion-server.com
Note: If the machine running FireDaemon Fusion has a DNS domain name, this should be entered in the text box. Otherwise, enter the server’s IP address.
A page is then displayed showing the details of the generated certificate. Hyperlinks are provided for downloading the private key file (.key) and the public certificate file (.cert).
- Click the first link to download the private key file (.key) and save this file to a secure location.
- Click the second link to download the public certificate file (.cert) and save this file to a secure location.
- In a web browser, navigate to the Connectivity tab of the FireDaemon Fusion Settings page.
- In the SSL section, drag and drop (or paste) the public certificate file (.cert) into the SSL Certificate field on the screen. Then drag and drop (or paste) the private key file (.key) into the SSL Private Key field on the screen.
The field where you are dragging the file is highlighted with a dashed rectangle.
- (Optional) In the Passphrase field, enter a passphrase. Ensure that this passphrase remains secret and is not lost or forgotten.
- Click the Save button to save the new SSL settings, and then restart FireDaemon Fusion.
- FireDaemon Fusion can now be accessed securely through HTTPS.
Use FireDaemon OpenSSL to Create Your Own Self-Signed Certificate
As an alternative to the above method, a self-signed SSL certificate can be generated and installed locally using FireDaemon OpenSSL. This approach provides greater control over the certificate’s fields and values.
FireDaemon provides a freely available, pre-built distribution of OpenSSL for Windows - for more information, see FireDaemon OpenSSL.
- Download and unpack the latest version of OpenSSL, e.g. FireDaemon OpenSSL.
- Open a command window and navigate to the folder containing OpenSSL (in this example, C:\OpenSSL).
- Enter the following commands to generate the public certificate (.crt) and private key (.key) files. Note: Enter a password during key creation.
  set OPENSSL_CONF=C:\OpenSSL\ssl\openssl.cnf
  rem Generate a 2048-bit RSA private key
  C:\OpenSSL\x64\bin\openssl genrsa -out server.key 2048
  rem Create a certificate signing request (CSR) hashed with SHA-256
  C:\OpenSSL\x64\bin\openssl req -new -key server.key -out server.csr -sha256
  rem Self-sign the CSR with the same key; the certificate is valid for 365 days
  C:\OpenSSL\x64\bin\openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Save the .key and .crt files to a secure location.
- Follow the steps described above to install these files in the FireDaemon Fusion SSL settings web page.
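Before pasting the files into the SSL Certificate and SSL Private Key fields, it is worth confirming that the .crt and .key actually belong together and that the certificate has not expired, since a server cannot complete a TLS handshake with a key that does not match its certificate. The script below is an added example, not FireDaemon's own tooling; it assumes a POSIX shell (for example Git Bash or WSL on Windows) with OpenSSL available, and the OPENSSL variable and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not FireDaemon code. OPENSSL is an assumed variable: set it to
# the full path of the openssl binary if it is not on PATH.
OPENSSL="${OPENSSL:-openssl}"

# cert_matches_key CERT KEY
# 0 = certificate and private key carry the same public key, 1 = mismatch,
# 2 = a file could not be parsed (wrong file, wrong passphrase, not PEM).
# If the key is passphrase-protected, openssl prompts for the passphrase.
cert_matches_key() {
    cert_pub=$("$OPENSSL" x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$("$OPENSSL" pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT SECONDS
# 0 = certificate will not have expired SECONDS from now (openssl x509 -checkend).
cert_valid_for() {
    "$OPENSSL" x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# preflight CERT KEY
# Print what the certificate says about itself, then refuse a broken pair.
preflight() {
    "$OPENSSL" x509 -in "$1" -noout -subject -issuer -enddate || return 2
    cert_matches_key "$1" "$2" || {
        echo "FAIL: key does not match certificate, or a file is unreadable" >&2
        return 1
    }
    cert_valid_for "$1" 0 || {
        echo "FAIL: certificate has expired" >&2
        return 1
    }
    # 2592000 seconds = 30 days; a warning only, the pair is still usable.
    cert_valid_for "$1" 2592000 || echo "WARN: certificate expires within 30 days" >&2
    echo "OK: certificate and key are a consistent pair"
}

# Run the check only when called with two file arguments, e.g.
#   sh preflight.sh server.crt server.key
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

The same check applies unchanged to a certificate issued by a certificate authority.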
Use a Certificate from a Certificate Authority (CA)
A third approach is to obtain or purchase a signed certificate from one of the many third-party certificate authorities on the Internet. Some well-known examples of CAs include DigiCert, ssls.com or comodo.com. Note that FireDaemon does not partner with or commercially recommend any particular certificate authority.
After obtaining or purchasing a signed certificate, follow the steps described above for installing the certificate file and the private key in the FireDaemon Fusion SSL settings web page. The procedure is the same as that for installing a self-signed certificate.