SSL Certificates - How to Create Recorder SSL Certificate

Adutante Recording WEB applications

Adutante Recordings package consists of two Web applications:

• Adutante Portal-  includes User Administration, QC and Recorders Modules  
• VSLogger.htm   - Recording engine UI 

Both interfaces are HTML applications and both by default are connected via SSL (Secure Socket Layer protocol) connection e.g. https://recorder1:8443/portal/

Versadial highly recommends you operate your recorder in a secure environment and take advantage of SSL If security is important to you and your recordings, please follow the steps below. 

If for whatever reason, security is not required and you would like to record without SSL, please click here. Note: WE NOT NOT RECOMMEND THIS SETTING. 

• Self Generated SSL Instructions
• Bypass SSL Certificate (not recommended)
• Disable SSL on Recorder (not recommended)
• Purchased SSL Instructions

Unrecognized SSL Certificate  Warnings 

Default SSL certificates that come with Adutante recording is not recognized on the end client network, and users connecting to Adutante or VSLogger will get the below warning messages  

for Chrome: "Your connection is not private, Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards)."

or for Firefox: "This Connection is Untrusted, You have asked Firefox to connect securely to localhost:8443, but we can't confirm that your connection is secure..." 

Note: Internet Explorer is not supported at this time with Adutante and VSLogger, we suggest to use Chrome.

Generate Self-Signed SSL Certificate for Recorder

Initial configuration is to generate a self-signed certificate for Adutante/VSLogger

Step 1: Create Self-signed certificates for your recorder(s)

1. Make note of your recorder Computer Name
1. Typically located in Windows Start > Computer - Right Click on Computer and select "Properties". Computer name should be displayed. ie: VSlogger
2. Open Versadial VSLogger CLI Configuration Tool (default location: "C:\Program Files (x86)\Versadial Solutions\vsLogger\vscli.exe")
3. From menu Tools, select "Create SSL Certificate"
4. For Private Host, enter Computer Name
5. The other fields are optional, click button Create SSL Certificate. SSL Certificate should be automatically generated.

Step 2: Install Adutante and VSLogger Certificates

From Step 1 the certificate files are created. To install the created certificates please complete the following:

1. For VSLogger: C:\ProgramData\Adutante\vslogger\cert\vslogger.cert.pem and C:\ProgramData\Adutante\vslogger\cert\vslogger.key.pem.
• Copy/paste these files to directory "C:\Program Files (x86)\Versadial Solutions\vsLogger\www\cert"
2. For Adutante: C:\ProgramData\Adutante\vslogger\cert\adutante.jks.
• Copy/paste this file to "C:\Versadial\Adutante\framework\base\config"
3. Within Windows services, Stop then Start both services for Adutante and Versadial VSLogger Connection (Control Panel > Administrative Tools > Services)
4. After services restart, proceed to individual Workstations and install the newly generated self-signed certificate to each workstation (see steps below)

Note: If you cannot see the generated SSL certificates, make sure to enable your Windows Explorer to show hidden files, folders, or drives.

Individual Workstations

After you have created a self-signed certificate for the recorder, you must make the certificate trusted on the individual workstations that connect to the recorder. 

For a visual walkthrough, please see attachment. Click Here

Step 1: Make certificates trusted  - These steps must be done for all workstations connecting to the recorder

The following are directions using the CHROME BROWSER to install your generated SSL Certificate on the end-users PC and allow access to the recorder without warnings

1. Connect to the website using SSL (https://YourRecName:8443/portal/)
2. Since Chrome version 56, you do the following: go to the Three Dots Menu (Top right corner)-> More Tools -> Developer Tools
3. Then, click on the Security Tab. This will give you a Security Overview with a View Certificate button, Click on the View Certificate button.
4. A new window will open. It has three tabs;
   General, Details, and Certification Path. Click the ‘Details’ tab. On that tab, click the ‘Copy to File…’ button.
5. The Certificate Export Wizard opens…, Click next, now you’re asked what file format, DER is the default. Click Next again. Now you’re asked where to save the file. You can use the browse ellipses, or type a path (know where you saved it to import…)
   Example: C:\Temp\AduCert
   
   Click next, and finish. Click the OK button, and OK again to close the window.

Step 2: Import the certificate:

1. Windows 10
   1. Click the Install Certificate… button
   2. When the ‘Certificate Import Wizard’ window opens, use the radio button to select ‘Local Machine’
   3. Click Next . . .
   4. This is important; it’s why the PC will accept the certificate…
   5. Use the radio button to select ‘Place in the following store’
   6. Click the Browse button and select ‘Trusted Root Certification Authorities'
1. Double click the certificate you saved from the previous step.
2. On the general tab, it should state:
3. Issued to: YourRecorderPCname
4. Issued by: YourRecorderPCname
5. Click ‘Next’, and ‘Finish’…
6. You will see ‘Successful’ then, Okay and Okay…
2. Windows 7
   1. Click the Install Certificate… button
   2. Click Next
   3. Click the radio button. “Place all certificates in the following store”, then click Browse.
   4. From here, check the box that says ‘Show physical stores, and scroll up to the top of the list.
   5. Expand the folder ‘Trusted Root Certification Authorities, then click the folder ‘Local Computer’. Click OK.
   6. Afterwards, click Next, then Finish. You’re done!
1. Double click the certificate you saved from the previous step.
2. On the general tab, it should state:
3. Issued to: YourRecorderPCname
4. Issued by: YourRecorderPCname

Optional SSL Certificate Warning Bypass Method (Not Recommended)

Firefox

1. If using Firefox and connecting to your recorder link https://recorder1:8443/portal/infoshare.htm
2. You will get a certificate warning message "This Connection is Untrusted"
3. Go to section "I Understand the Risks", click button Add Exception
4. Enable checkbox "Permanently store this exception"
5. Click button Confirm Security Exception
6. Finished, it will skip the certificate warning page moving forward

Chrome

1. Create a shortcut for Chrome and give it a name e.g. Adutante
2. Right-click the new shortcut, and click Properties, then add the following text to the end of the Target: --test-type --ignore-certificate-errors --new-window https://recorder1:8443/portal/
3. The text in the Target box should now look like this: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --test-type --ignore-certificate-errors --new-window https://recorder1:8443/portal/

5. Click OK and Finish
6. This shortcut will now bypass the certificate warning message

Disable SSL (Not Recommended. Please use at your own risk)

Here’s how to remove SSL:
Adutante already has a path to access it without SSL by default.
Access Adutante: http://ServerName-or-IP:8080/portal/

CLI must be configured, here’s how:

*Typed commands are preceded by ->
***Marks added notes if needed

Open CLI Tool, select menu, File and Connect. Click ‘OK’ in the Connect dialog.

login>
->u admin p admin

***Info about your recorder***

cli>
->config 

cli>(config)
->netserver

cli>(config-netserver)
->ssl n

*settings were modified, type 'save' command to save current settings.

cli>(config-netserver)
->save
Saving... 

cli>(config-netserver)
->exit 

cli>(config)
->reload 

Reloading...
server is busy, wait...

Purchased SSL Certificate for Recorder

Step 1: Generate a new private key and Certificate Signing Request

openssl req -out vslogger.csr -new -newkey rsa:2048 -nodes -keyout vslogger.key.pem

use password "versadial" to protect key

Download certificates from your provider

should be renamed to "vslogger.cert.pem"

Step 2: Create Java KeyStore file (adutante.jks)

Convert a PEM certificate file and a private key to PKCS#12 (.p12)

openssl pkcs12 -export -out adutante.p12 -inkey vslogger.key.pem -in vslogger.cert.pem

Import your private key into the JKS:

keytool -importkeystore -srckeystore adutante.p12 -srcstoretype pkcs12 -srcstorepass versadial -destkeystore adutante.jks -deststoretype jks -deststorepass versadial

Step 3.Replace self-signed certificates with new files and restart services (Adutante and VSLogger Connection Service)

VSLogger certificates files location

<installfolder>\www\cert  (for 64bit OS default: C:\Program Files (x86)\Versadial Solutions\vsLogger\www\cert)

ca.cert.pem       - certificate authority cert ( optional , can be combine with "vslogger.cert.pem")

vslogger.cert.pem - certificate

vslogger.key.pem  - private key (protected with password "versadial")

Adutante certificate files location

C:\Versadial\Adutante\framework\base\config

adutante.jks

Also, please verify your version of Adutante.

Prior to 4.8.6.1, the file:

ofbiz-component.xml

Located here:

C:\Versadial\Adutante\framework\catalina

Needs line 150 commented out…

###<property name="keyAlias" value="adutante"/>