KB 2723: CREATE A CERTIFICATE FOR SSL DECRYPTION UNDER MS WINDOWS

Published November 27, 2023

How to create self-signed certificates with the XCA tool and install them on Olfeo for SSL decryption.

Objective

Create the certificates needed to run the SSL decryption component on Windows.

STEPS

  1. Download and install the XCA tool: https://sourceforge.net/projects/xca/files/xca/1.3.2/setup_xca-1.3.2.exe/download.
  2. Once the tool has been installed, launch it.
  3. Create a database: File > New database.
  4. Create your certificate: Certificates > New Certificate.
  5. In the Source tab, select the desired signature algorithm (recommended value: SHA 256).
  6. In the Subject tab, fill in the certificate information, then click Generate a new key.
  7. In the Extensions tab, set the certificate's validity date and its type (Certification Authority).
  8. Click on OK.

    NB: Please note the limitations set by Apple for macOS and iOS: the validity period of a certificate must be less than 825 days.

    Source: https://support.apple.com/en-us/HT210176

  9. Export the certificate and its key: in the Certificates tab, select the certificate, then click Export. Keep the default options and click OK.
  10. In the Private Keys tab, perform the same operation.
  11. The files were created in the C:\Program Files (x86)\xca directory:

  12. For an Olfeo v5, transfer the certificate and key to the Olfeo via SCP. For an Olfeo v6, the certificate is imported via the administration interface.
  13. Export the certificate in DER format for client workstations.
  14. Import it into the browser. Firefox: be sure to select the Authorities tab:

    Then check Confirm this CA to identify websites.

    Internet Explorer: Tools > Internet Options > Content > Certificates, then Trusted Certification Authorities tab.

VALIDATION

Launch Internet Explorer or Firefox, then connect to an HTTPS site. In the access.log, you'll see a CONNECT to the HTTPS site, followed by a GET to the same site.
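
The validation check above can be scripted over a larger log. This is an added example, not Olfeo code: it assumes access.log follows Squid's native field layout (the page does not show the format), and the sample lines and host names are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (an assumption:
# the page does not show Olfeo's log format). Field 3 = client, 6 = method, 7 = URL.
SAMPLE_LOG = """\
1701080000.123    210 10.0.0.15 TCP_TUNNEL/200 39 CONNECT intranet.example.test:443 - HIER_DIRECT/203.0.113.10 -
1701080000.456     95 10.0.0.15 TCP_MISS/200 5120 GET https://intranet.example.test/ - HIER_DIRECT/203.0.113.10 text/html
1701080003.002   1800 10.0.0.22 TCP_TUNNEL/200 7421 CONNECT bank.example.test:443 - HIER_DIRECT/203.0.113.20 -
1701080004.777     12 10.0.0.15 TCP_MISS/200 310 GET http://plain.example.test/ - HIER_DIRECT/203.0.113.30 text/html
"""


def decryption_status(log_text):
    """Map (client, host) -> True if a CONNECT was followed by a decrypted
    https:// request from the same client to the same host, else False."""
    status = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            # CONNECT targets are host:port; IPv6 literals arrive in brackets.
            host = url.rsplit(":", 1)[0].strip("[]").lower()
            status.setdefault((client, host), False)
        elif url.lower().startswith("https://"):
            host = (urlsplit(url).hostname or "").lower()
            # Only counts when it follows a CONNECT already seen for this pair.
            if (client, host) in status:
                status[(client, host)] = True
    return status


def tunnelled_only(log_text):
    """Pairs that show a CONNECT but no decrypted request afterwards."""
    return sorted(k for k, ok in decryption_status(log_text).items() if not ok)


if __name__ == "__main__":
    for (client, host), ok in sorted(decryption_status(SAMPLE_LOG).items()):
        print(f"{client} -> {host}: {'decrypted' if ok else 'CONNECT only'}")
```

A pair reported as CONNECT only means the proxy tunnelled the session without decrypting it, which is the case to investigate on a workstation where the CA was not imported.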