
Sheriff CSM™

Configure Custom HTTPS Certificates in Sheriff CSM

You can secure Sheriff CSM by providing your own SSL certificates from a Certificate Authority (CA), and you can upload them through the web UI.

To upload a custom HTTPS certificate in Sheriff CSM
  1. Log into the Sheriff CSM web UI and go to Configuration > Administration > Main.
  2. Expand Sheriff Framework.

  3. Click the Browse button to upload your custom web server SSL certificate and private key files in PEM (Privacy Enhanced Mail) format:

    Custom HTTPS Certificate

    Important: Make sure that your certificate file includes both the "begin" and "end" lines.

  4. (Optional) If your SSL certificate requires any intermediate certificates, upload them in Web Server SSL CA Certificates (PEM format).
If you need help generating a certificate, see How to Generate a Certificate Signing Request for Sheriff CSM.

Convert Certificates to PEM Format

Sheriff CSM only accepts certificates in the PEM format, which is the most common format in which certificates are issued. However, different operating systems (OSes) generate certificates in different formats. For example, Windows typically produces certificates in PFX or PKCS format, with the extension .pfx or .p12.

If your certificate is not in the PEM format, you can use OpenSSL to convert it. OpenSSL is installed on Sheriff CSM by default. The following procedure illustrates how to convert a certificate from PFX to PEM format using Sheriff CSM.

To convert your certificate to the PEM format
  1. Obtain a certificate from your CA.

  2. Upload your certificate file to Sheriff CSM.

    Note: For example, Linux and macOS users can use the scp command while Windows users can use a program called WinSCP.

  3. Connect to the Sheriff Console through SSH and use your credentials to log in.

  4. On the Sheriff Setup main menu, select Jailbreak System to gain command line access.
  5. Generate the following files:

    1. Certificate:

      openssl pkcs12 -nokeys -nodes -in certificate.pfx -out av_certificate.pem
    2. Private key:

      openssl pkcs12 -nocerts -nodes -in certificate.pfx -out av_private_key.pem
    3. CA certificate chain (optional):

      openssl pkcs12 -cacerts -nokeys -in certificate.pfx -out av_ca_certificate_chain.pem
  6. Edit the files to remove any extra lines. You can use vim or nano as editors.

    Note: Certificate files have -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, while private key files have -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines, surrounding the content. You need to remove any extra lines above or below these lines.

  7. Download the new certificate files to your desktop.

  8. Log into the Sheriff CSM web UI and go to Configuration > Administration > Main.

  9. Expand Sheriff Framework.
  10. If you have configured a certificate in the past, click Remove to delete the old certificate, and then Update Configuration to apply the changes.

    Allow 2-5 minutes for reconfiguration to run in the background. After the web browser refreshes, you may receive a warning that a custom self-signed certificate is in use. You can ignore this message.

  11. Browse to and upload the certificate files generated in step #5.
  12. Verify that the new certificate is installed and ready to be used.
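
Steps 6 and 12 can be scripted. The following shell script is an added example, not part of the Sheriff CSM documentation or product: it strips everything outside the BEGIN/END blocks from the files produced in step 5 and confirms that the certificate and private key belong together before you upload them. The script name clean_pem.sh and the function names are hypothetical, and it assumes the installed OpenSSL provides the pkey command.

```shell
#!/bin/sh
# Added example (not vendor code): clean the PEM files from step 5, then check the pair.
umask 077   # -nodes wrote the private key unencrypted; keep new files owner-only

# Keep only complete PEM blocks. Drops the "Bag Attributes", subject= and issuer=
# lines that `openssl pkcs12` writes around them, and strips CR from CRLF files.
pem_only() {
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN [A-Z0-9 ]+-----$/ { keep = 1 }
         keep { print }
         /^-----END [A-Z0-9 ]+-----$/   { keep = 0 }' "$@"
}

# Number of PEM blocks in a file (0 if none).
pem_count() { grep -c '^-----BEGIN ' "$1" || true; }

# True only if the certificate and the private key carry the same public key.
# Works for RSA and EC keys; reads the first certificate in the file.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample of pkcs12 output (body is filler, not a real certificate).
sample_pkcs12_output() {
    cat <<'EOF'
Bag Attributes
    friendlyName: constructed-example
subject=CN = csm.example.test
issuer=CN = Example Test CA
-----BEGIN CERTIFICATE-----
MIIBconstructedFillerNotARealCertificate0000
-----END CERTIFICATE-----

EOF
}

# Usage: sh clean_pem.sh av_certificate.pem av_private_key.pem
if [ "$#" -eq 2 ] && [ -f "$1" ] && [ -f "$2" ]; then
    for f in "$1" "$2"; do
        pem_only "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
    [ "$(pem_count "$1")" -eq 1 ] || echo "note: $1 holds several certificates" >&2
    if pair_matches "$1" "$2"; then echo "OK: certificate matches private key"
    else echo "FAIL: certificate and private key do not match" >&2; exit 1; fi
fi
```

Because av_private_key.pem is unencrypted, remove the PFX and PEM copies from the appliance and your desktop once the upload has succeeded.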

Topic revision: r10 - 11 Feb 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.