It needs to be realized that for ACD’s to be fully functional under HTTPS protocol, its components should be switched to HTTPS protocol, namely the modules
- AuditProxy (Elasticsearch Kibana Proxy)
- AuditServer
- ExportServices
- AuditDriver
- AuditReport
- and in case of use of LDAPS (secure LDAP)
It’s important! In order to prevent any potential problems we highly recommend the use of “TRUSTED SSL CERTIFICATES”, namely the certificate issued and signed by a TRUSTED STORE. I
f you are going to use a SELF-SIGNED certificate, you will need to fulfill an additional number of steps as well as adding your SELF-SIGNED certificate to the web-browser exceptions and to the list of trusted certificates of your JVM cacert.
In order to make the conversion and export of certificates and Keystore more easy and clear, we also recommend using the free software KeyStore Explorer.
It can be found in ACD installation packages or the newest version for your operating system can be downloaded from the following website https://keystore-explorer.org/
This guidance implies that you have already got JKS or PKCS Keystore containing a private key and a certificate chain that corresponds to the hostname of the server that ACD and components are located on (basic installation).
Export of private key and certificate chain into PEM format (required for AuditProxy)
- Start KeyStore Explorer and open your PKCS12 or JKS file. You can be asked to put your keystore and private key password, so enter it.
- Choose the required certificate from the certificates list and click the right mouse button. Choose Export -> Export Private Key from the drop-down menu.