For secure, trusted access you must install an SSL server certificate on the Access Gateway server. The uploaded certificate file must have the following characteristics:
If you have requested and installed a certificate onto a Windows server using the Internet Information Service (IIS) certificate wizard, you can export that certificate with its private key to a Personal Information Exchange (PFX) file. To import this certificate onto the Access Gateway, you must convert the PFX file to the unencrypted PEM format.
You can use the open-source utility OpenSSL to perform the conversion from PFX to PEM. Download a Win32 distribution of OpenSSL from Win32 OpenSSL.
You might also need C++ re-distributable files if you want to use OpenSSL. Download from Microsoft Visual C++ 2008 Redistributable Package (x86).
To convert a PFX file to a PEM file, complete the following steps on a Windows machine:
Download and install the Win32 OpenSSL (Win32 OpenSSL v0.9.8i) package from Win32 OpenSSL.
Create a folder c:\certs and copy the file yourcert.pfx into the c:\certs folder.
Open a command prompt and change into the OpenSSL\bin directory:
Run the following command to convert the PFX file to an unencrypted PEM file (all on one line):
openssl pkcs12 -in c:\certs\yourcert.pfx -out c:\certs\cag.pem –nodes
When prompted for the import password, enter the password you used when exporting the certificate to a PFX file. You should receive a message that says MAC verified OK.
Point a browser to the Access Gateway administration portal or HTTPS port 9001: https://access-gateway-server:9001.
Log on as root. The default password is rootadmin.
Click the Maintenance link at the top of the page.
Click the Browse button next to the Upload Private Key+Certificate (.pem) field. Browse to the c:\certs\cag.pem file and click Upload.
Restart the Access Gateway for the new SSL certificate to be applied.