How to install SSL Certificate for Nectus GUI

,

This guide explains how to generate the CSR code and install a commercial SSL certificate for Windows Apache so that you could access your Nectus GUI page securely via HTTPS.

It assumes that during Nectus installation, you selected the default location which is C:\Program Files\Nectus.

If you installed Nectus in a different folder, make sure to adjust the commands and locations given in this guide accordingly.

In general, in order to have a website accessible using secure HTTPS connection, the web server must have a pair of public and private keys configured.

The public key must be signed by a trusted Certificate Authority and added to a digital SSL certificate.

To obtain that certificate, you will need to send the certificate signing request (CSR) code to your SSL provider. Please refer to instructions below:

Generating CSR using OpenSSL

  1. On your Windows server, press Win+R, enter cmd and hit OK

 

2. Enter the following command to run OpenSSL: “C:\Program Files\Nectus\Web\Apache24\bin\openssl.exe”

 

 

3. The prompt will change to OpenSSL>. This means we can run the OpenSSL commands now.

To generate a new CSR/Key pair for your future SSL certificate, execute the following this command:

 

req -new -newkey rsa:2048 -nodes -keyout “C:\Program Files\Nectus\Web\Apache24\conf\yourdomain.key” -out “C:\Program Files\Nectus\Web\Apache24\conf\yourdomain.csr” -config “C:\Program Files\Nectus\Web\Apache24\conf\openssl.cnf”

 

4. You will be prompted to enter certain information related to your domain.

The commentaries for each field are provided after the // sign.

Country Name (2 letter code) [AU]:US // enter the ISO 3166-2 compliant country code here

State or Province Name (full name) [Some-State]:California // the field for the state

Locality Name (eg, city) []:Los Angeles // the field for the city

Organization Name (eg, company) [Internet Widgits Pty Ltd]:NA // the name of your company. If you do not have a company or do not wish to indicate it, simply put NA

Organizational Unit Name (eg, section) []:NA // a department of your company. NA can be used here

Common Name (e.g. server FQDN or YOUR name) []:example.com // this is the field for your domain

Email Address []:. // this field is not required generally so you can leave it blank

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:. // can be left blank

An optional company name []:. // can be left blank

 

5. Once done, the C:\Program Files\Nectus\Web\Apache24\conf\ directory will have two new files, the file with the CSR code (.csr) and the file with the private key (.key).

We’ll leave the private key for the time being. The CSR code has to be provided to your certificate vendor — this code is the base for your commercial SSL certificate.

Please contact your SSL vendor for instructions with SSL activation.

6. When the SSL is issued, you should receive at least two files: SSL certificate in a .crt (or .pem, .cer) file, and the CA-bundle (also can be called intermediate CA, root CA certificates) with extensions like .ca-bundle, .crt.

Please note that Apache requires only PEM-encoded certificates, so PKCS#7 or PKCS#12 encoded SSLs won’t work.

Configuring SSL for Apache

7. Upload those files to the C:\Program Files\Nectus\Web\Apache24\conf\ directory.

8. Then, go to the C:\Program Files\Nectus\Web\Apache24\conf\extra folder, and open the httpd-ssl.conf file in Notepad.

9. Find and edit the following directives and make sure that they point to the SSL certificate, Private Key, and the CA-bundle files accordingly:

 

SSLCertificateFile “${SRVROOT}/conf/yourdomain.crt”

SSLCertificateKeyFile “${SRVROOT}/conf/yourdomain.key”

SSLCACertificateFile “${SRVROOT}/conf/yourdomain.ca-bundle”

 

Note that the SSLCACertificateFile directive is commented out by default. You need to delete the # sign at the beginning of the string to uncomment the directive.

10. Save the configuration file

11. Return back to the C:\Program Files\Nectus\Web\Apache24\bin folder and double-click on ApacheMonitor.exe

 

12. The ApacheMonitor app will appear in the system tray at the lower right corner of your screen. Find and click it there.

13. Hit “Restart”

 

14. Now you can try accessing your Nectus GUI page in the browser via HTTPS: https://yourdomain.com

Nectus starts “Free Nectus for Schools” Program

Nectus care about our education and our kids and we understand that our schools are always  underfunded

and not able to afford top of the line software tools.

Starting from July 2019, Nectus started offering free license to all public schools up to K12 grade.

Free License includes all available Nectus modules for up to 200 devices each.

To pre-qualify for a free license contact us via email: sales@nectus5.com