Description


System Modules


It needs to be realized that for ACD’s to be fully functional under HTTPS protocol, its components should be switched to HTTPS protocol, namely the modules


SSL Certificates


It is important! In order to prevent any potential problems we highly recommend the use of “TRUSTED SSL CERTIFICATES”, namely the certificate issued and signed by a TRUSTED STORE.

If you are going to use a SELF-SIGNED certificate, you will need to fulfill an additional number of steps as well as adding your SELF-SIGNED certificate to the web-browser exceptions and to the list of trusted certificates of your JVM cacert.

In order to make the conversion and export of certificates and Keystore more easy and clear, we also recommend using the free software KeyStore Explorer.
It can be found in ACD installation packages or the newest version for your operating system can be downloaded from the following website https://keystore-explorer.org/

This guidance implies that you have already got JKS or PKCS Keystore containing a private key and a certificate chain that corresponds to the hostname of the server that ACD and components are located on (basic installation).


Installation

Export of private key and certificate chain into PEM format (required for AuditProxy)

  1. Start KeyStore Explorer and open your PKCS12 or JKS file.
    If you are asked to enter your keystore and private key password, please do so.

  2. Choose the required certificate from the certificates list and click the right mouse button.
    Choose Export -> Export Private Key from the drop-down menu.

  3. Select the type of Export PKCS #8 and press OK.



  4. In the new window uncheck Encrypt, choose PEM and enter the path to a location where AuditProxy is installed.
    Also, enter the file name for your private key as well.

  5. Click Export to export the private key.
  6. Next, choose again the required certificate from the certificates list and click the right mouse button. Choose Export -> Export Certificate Chain from the drop-down menu.


                 


           7. In the appeared window choose Entire Chain, Export Format X.509, tick PEM box and enter the path to the location where AuditProxy is installed.

               Also, enter the file name for your certificate chain.                 


           8. If you use Self-signed certificates, you also have to export Public key. Choose the required certificate from the certificates list and click the right mouse button.

               Choose Export -> Export Public Key from the drop-down menu.


                  


            9. In the appeared window tick PEM box and enter the path to the location where AuditProxy is installed.

                Also, enter the file name for your public key. Click Export.


                   


            The export procedure is completed.

           SSL certificate installation for AuditProxy (Elasticsearch Kibana Proxy)

  1. Stop AuditProxy.
  2. Open the folder with AuditProxy and create a backup copy of config.json file (in case of the return to http protocol).
  3. Open config.json file in a text editor and take the following steps:

              a) Set useSSL in true for helpers, elasticsearch, kibana section.

              b) Enter the file names for keyFile and certFile, which you used for export (please see above).

              c) In kibana section, in auditUrl field change the protocol from http to https.

              d) Enter the name of the public key file, which you used for export (please see above).

         

    4. If you use Self-signed certificates, you also have to enter the parameter check-cert=false to launch kibana-http-proxy application.

    5. Save changes for config.json file and launch AuditProxy.

    6. To check if AuditProxy services started properly, open the following URLs in a browser:

        a) https://127.0.0.1:5151/ - to check elasticsearch proxy

        b) https://127.0.0.1:5050/ - to check kibana proxy

        c) https://127.0.0.1:9090/ - to check AuditServer config service