Using An Existing SSL Certificate - R9.4 or later - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>IMPORTANT</strong> - Using the <a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/hc/en-gb/articles/229026408-Using-An-Existing-SSL-Certificate-R7-through-R9-3" rel="noopener nofollow"><strong>SSL Configuration Tool</strong></a> (the Java-based tool) will not work in 9.4 or later; you must use the NEW tool outlined in this KB.</p> <p>If you already have an SSL certificate installed in MS-IIS and you wish to export it and use it in the Kaseya Application Firewall Certificate Manager, follow the directions below:</p> <p><strong>1. Start the Microsoft Management Console (MMC) by going to Start->mmc.exe</strong></p> <p><img src="/attachments/token/tvJaEkslaFodVXPWvjwAZHK5H/?name=mmc.png" alt="mmc.png" width="396" height="386" class="embedImage-img importedEmbed-img"></img></p> <p><strong>2. From MMC, choose File->Add/Remove Snap-in</strong></p> <p><img src="/attachments/token/C3nqFFdcsa4cO9wzLw9BaMRuX/?name=mmc1.png" alt="mmc1.png" width="792" height="424" class="embedImage-img importedEmbed-img"></img></p> <p><strong>3. From Add or Remove Snap-ins, select "Certificates" then click "Add"</strong></p> <p><strong><img src="/attachments/token/hELSk7lj5CrCuVRJzSAlwCMNI/?name=mmc-cert.png" alt="mmc-cert.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>4. Select "Computer Account"</strong></p> <p><strong><img src="/attachments/token/vsL6SmR8xv2fn7ZpG097nY28b/?name=mmc-cert1.png" alt="mmc-cert1.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>5. Select "Local Computer"</strong></p> <p><strong><img src="/attachments/token/OrYj8SQ5p6Hu9XtNHVJXkhM97/?name=mmc-cert2.png" alt="mmc-cert2.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>6. 
You now see "Certificates (Local Computer)" in the selected snap-ins; click "OK"</strong></p> <p><strong><img src="/attachments/token/GrdOvaPPfzHCq5vIepORmGErY/?name=mmc-cert3.png" alt="mmc-cert3.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>7. Select Your Certificate</strong></p> <p>In the left-hand pane, open Certificates->Personal->Certificates to see all the SSL certificates you have installed. Select the one you wish to export, right-click it, select "All Tasks" and click "Export"</p> <p><strong><img src="/attachments/token/O0XjJ6ULzpwp5Z5vnrOTgKjmR/?name=mmc-export.png" alt="mmc-export.png" width="776" height="504" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>8. Start the Certificate Export Wizard, then click "next"</strong></p> <p><strong><img src="/attachments/token/6HWVPIWVda3maPbirIY1TUoQo/?name=export1.png" alt="export1.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>9. You must select "Yes, export the private key", then click "next"</strong></p> <p><strong><img src="/attachments/token/hhNBg0ntvXXVvsWhklvl5qBOs/?name=export-private-key.png" alt="export-private-key.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>10. You must select "PKCS#12" and check "Include all certificates in the certification path if possible" and "Export all extended properties", then click "next"</strong></p> <p><strong><img src="/attachments/token/lncwHoQ3vPWc2H9GknJbd9AP8/?name=export-chain.png" alt="export-chain.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>11. Provide a name for your export (and browse to the location you want to save it to), then click "next"</strong></p> <p><strong><img src="/attachments/token/pKbHOTKcVfObbFU2w88sBobeV/?name=export-name.png" alt="export-name.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>12. 
Give the file a password</strong></p> <p><strong><img src="/attachments/token/PUCG1mxOPqUSKQjVDffErnFY4/?name=export-password.png" alt="export-password.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>13. Complete the export</strong></p> <p><strong><img src="/attachments/token/XllKDQoWLvwU4wpf0LNheLPVQ/?name=export+complete.png" alt="export_complete.png" class="embedImage-img importedEmbed-img"></img></strong></p> <p><strong>14. You have exported the PKCS#12 file with your certificate(s) included. Please make sure that during the export steps above you selected the following:</strong></p> <p><strong>a) Export the private key</strong></p> <p><strong>b) Checked "Include all certificates in the certification path if possible"</strong></p> <p><strong>c) Checked "Export all extended properties", then click "next"</strong></p> <p><em><strong>*You may receive errors or certificate warnings if you did not include the above items during the export.</strong></em></p> <p><strong>**NB**: The certificate (PFX file) needs to be stored in a location that is available to the system at all times. We advise X:\Kaseya\Certificate (where X:\ is the install drive of your Kaseya install).</strong></p> <p>Do not store the PFX file in a user-specific folder (c:\users\sam\desktop\myCert.pfx), as this location is not available to the system.</p> <p>Do not use a UNC path (\\fileServer\data\myCert.pfx): should there be a network issue, the certificate will not be available to the Kaseya Edge Service.</p> <p>Do not use a temp directory (C:\windows\temp); the certificate will not be available to the Kaseya Edge Service.</p> <p>Do not delete the PFX file, even once imported. This file needs to be available at all times, not only to import or start the server but also during normal operation of the Kaseya Edge Service.</p> <p><strong>15. 
If you have an intermediate certificate (not required for the VSA, but required for add-on modules, like O365 Backup (Spanning), Compliance Manager (RapidFire Tools), Unitrends (KUB + KDCB)), please follow the instructions of your certificate provider.</strong></p> <p>The file format should be a <strong>.p7b</strong></p> <p>You can refer to this link and the section for <em>Install any Intermediate Certificate: </em><a rel="nofollow" href="https://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html">https://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html</a></p> <p><strong>16. Now You Need to Import Your Certificate File into the Kaseya Application Firewall Certificate Manager.</strong></p> <p>This can be done during installation, when you are prompted.</p> <p>Below is a screenshot of the prompt during installation:</p> <p><img src="/attachments/token/GciN02G6SWczBiW6MFMvcCjJk/?name=sslcertificate.png" alt="sslcertificate.png" class="embedImage-img importedEmbed-img"></img></p> <p>Or,</p> <p>After installation, by going to <strong>$:\Kaseya\Services\KAF-Tool.exe</strong> and using the <strong>Kaseya Application Firewall Certificate Manager</strong>; the screen will look like this:</p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/7UDHCW0YKY65/91afa15254916f18449779eb8d30575465c2a513ea5dcea1cf6fd5f781e7feea.png" alt="image" class="embedImage-img importedEmbed-img"></img></p> <p><strong>IMPORTANT</strong> - Using the <strong>SSL Configuration Tool</strong> (the Java-based tool) will not work in 9.4 or later; you must use the NEW tool outlined above. The new tool may need to be run as administrator if it fails.</p> <p><strong>17. 
Using either process, copy your certificate file to a safe location on the machine (where it won't be deleted), then use either of the above-pictured interfaces to browse to and select that file, enter the password/passphrase you set when you exported it, and click update/next.</strong></p> <p><strong>18. Go to Services and restart the "Kaseya Edge Services"; the system will now use the SSL certificate you imported.</strong></p> </article> </main>
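<p>Added example, not part of the Kaseya article or tooling: a PowerShell check to run before the import in step 16. It confirms that the exported PFX holds the private key and the certification path (items a and b of step 14) and that it sits in a location the NB under step 14 allows. The function name, its parameters and the sample path are assumptions.</p>

```powershell
# Added example; Test-ExportedPfx and its parameter names are illustrative.
function Test-ExportedPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $problems = @()
    # Fails early if the file does not exist.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Location rules from the NB under step 14 (default profile and temp roots assumed).
    if ($full.StartsWith('\\')) { $problems += 'UNC path: unavailable if there is a network issue' }
    if ($full -like "$env:SystemDrive\Users\*") { $problems += 'User-specific folder: not available to the system' }
    if ($full -like "$env:windir\Temp\*") { $problems += 'Temp directory: not available to the Kaseya Edge Service' }

    # EphemeralKeySet keeps the imported key in memory only, so the check leaves
    # no key material behind (needs .NET Framework 4.7.2+ or PowerShell 7).
    # A wrong password makes Import throw a CryptographicException.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $certs.Import($full, $plain, $flags)

    # Step 14 a): the private key must have been exported with the certificate.
    $withKey = @($certs | Where-Object { $_.HasPrivateKey })
    if ($withKey.Count -ne 1) {
        $problems += "Expected exactly one certificate with a private key, found $($withKey.Count)"
    }
    # Step 14 b): anything besides the leaf means the certification path was included.
    if ($certs.Count -lt 2) {
        $problems += 'No chain certificates in the file (normal only for a self-signed certificate)'
    }

    [pscustomobject]@{
        Path             = $full
        Subject          = if ($withKey.Count -gt 0) { $withKey[0].Subject } else { $null }
        NotAfter         = if ($withKey.Count -gt 0) { $withKey[0].NotAfter } else { $null }
        CertificateCount = $certs.Count
        Problems         = $problems
    }
}

# Example call; the drive letter and file name are placeholders:
# Test-ExportedPfx -Path 'C:\Kaseya\Certificate\myCert.pfx' `
#     -Password (Read-Host -AsSecureString -Prompt 'PFX password')
```

<p>An empty <code>Problems</code> list means the file matches what steps 9, 10 and 14 ask for; the check reads the PFX only and does not change it.</p>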