KB 2723: CREATE A CERTIFICATE FOR SSL DECRYPTION UNDER MS WINDOWS
Published November 27, 2023
How to create self-signed certificates with the XCA tool and install them on Olfeo for SSL decryption.
Objective
Create the certificates needed to run the SSL decryption component on Windows.
STEPS
- Download and install the XCA tool: https://sourceforge.net/projects/xca/files/xca/1.3.2/setup_xca-1.3.2.exe/download
- Once the tool has been installed, launch it:
- Create a database: File > New database.
- Create your certificate: Certificates > New Certificate.
- In the Source tab, select the desired signature algorithm (recommended value: SHA 256):
- In the Subject tab, fill in the certificate information, then click on Generate a new key:
- In the Extensions tab, set the certificate's validity date and its type, Certification Authority:
- Click on OK.
NB: Please note the limitations set by Apple for macOS and iOS: the validity period of a certificate must be less than 825 days.
- Export the certificate and its key: in the Certificates tab, select the certificate, then click on Export. Keep the default options and click on OK:
- In the Private Keys tab, perform the same operation:
- The files were created in the C:\Program Files (x86)\xca directory:
- For an Olfeo v5, transfer the certificate and key to the Olfeo via SCP:
- For an Olfeo v6, the certificate is imported via the administration interface.
- Export the certificate in DER format for client workstations:
- Import it into the browser:
Firefox: be sure to select the Authorities tab:
Then check Confirm this CA to identify websites.
Internet Explorer: Tools > Internet Options > Content > Certificates, then Trusted Certification Authorities tab:
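One way to check the exported DER file against the settings used in the steps above (SHA-256 signature, Certification Authority type, validity under 825 days) before distributing it to client workstations. This PowerShell is an added example, not part of the original KB or of the Olfeo or XCA tooling; the function name and the file name olfeo-ca.cer are hypothetical.

```powershell
# Added example: checks a certificate exported from XCA against the settings in this KB.
function Test-DecryptionCaCertificate {
    param([Parameter(Mandatory)][string]$Path)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # OIDs for sha256WithRSAEncryption and ecdsa-with-SHA256
    $sha256Oids = '1.2.840.113549.1.1.11', '1.2.840.10045.4.3.2'

    # Basic Constraints carries the "Certification Authority" type set in the Extensions tab
    $bc = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
        Select-Object -First 1

    $days = ($cert.NotAfter - $cert.NotBefore).TotalDays

    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint      # compare with what the workstations show after import
        SignatureAlg = $cert.SignatureAlgorithm.FriendlyName
        IsSha256     = $sha256Oids -contains $cert.SignatureAlgorithm.Value
        IsCA         = [bool]($bc -and $bc.CertificateAuthority)
        ValidityDays = [math]::Round($days, 1)
        Under825Days = $days -lt 825         # Apple limit quoted in the NB above
        SelfSigned   = $cert.Subject -eq $cert.Issuer   # name comparison only, not a signature check
        NoPrivateKey = -not $cert.HasPrivateKey         # the workstation file must hold the certificate only
    }
}

# Hypothetical file name: use the DER file exported for client workstations.
$der = 'C:\Program Files (x86)\xca\olfeo-ca.cer'
if (Test-Path $der) {
    $r = Test-DecryptionCaCertificate -Path $der
    $r | Format-List
    if (-not ($r.IsSha256 -and $r.IsCA -and $r.Under825Days -and $r.NoPrivateKey)) {
        Write-Warning 'Certificate does not match the settings described in this KB.'
    }
} else {
    Write-Warning "File not found: $der"
}
```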
VALIDATION
Launch Internet Explorer or Firefox, then connect to an HTTPS site. In the access.log, you'll see a CONNECT to the HTTPS site, followed by a GET to the same site: