Installing an SSL certificate on Splashtop Gateway improves site security and customer trust. But how do you obtain an SSL certificate and install it on the Splashtop Gateway?
This article will walk you through the steps to produce an SSL certificate and install it on the Splashtop Gateway Server.
Note: an SSL certificate issued by a well-known certificate authority (CA) usually costs 100~200 USD annually.
Step 1: Generate a CSR Request
It is easy and straightforward to generate a certificate signing request (CSR) using OpenSSL.
If you are using a Mac, OpenSSL is probably already available. Run the “openssl” command in a terminal to confirm.
If you are using a Windows PC, please install OpenSSL first.
Install OpenSSL 1.1.1 (Windows)
Note: It has been reported by our users that a PFX file generated by OpenSSL 3.0 is not compatible with Splashtop Gateway. Please use OpenSSL 1.1.1 for all the tasks mentioned in this article.
Download the zip file below and run the EXE file to install the 64-bit OpenSSL Light v1.1.1m. The light edition of OpenSSL should be sufficient to create a CSR request.
When the installation is completed, the “openssl.exe” file can be found under the “bin” folder.
Generate a CSR request using OpenSSL
For Windows, start a Command Prompt with “Run as administrator”, and navigate to the “bin” folder of the OpenSSL program.
For Mac, simply start a Terminal.
Use the command below to generate a 2048-bit RSA private key and CSR:
openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out CSRNAME.csr
After entering the command above, you will be asked to create a passphrase, which will be used to access your private key in the future. Afterwards, you are prompted to enter the following information that will be incorporated into the CSR.
The Country Name (optional)
The Locality Name (optional)
The Organization Name (optional)
The Organization Unit Name (optional)
The Common Name (required): the Fully Qualified Domain Name (FQDN) of the Splashtop Gateway server
The Email Address (optional)
The Challenge Password (optional)
If you do not specify the location of the files in the command, you should be able to find the private key file and the CSR file inside the “bin” folder on Windows or your personal profile folder (/Users/username) on Mac.
Step 2: Apply for SSL Certificate from a Trusted Certificate Authority (CA)
There are dozens of certificate authorities available in the market. It is recommended to choose one from the Wiki page Certificate_Authority#Providers since they are mostly trusted by prevalent operating systems and web browsers. You don’t have to import a copy of the certificate to the keystore of the client machines if the certificate is trusted by the client OS.
SSL certificate application is a self-service process. Get the following items ready before you submit an application to a certificate authority:
a CSR request (.csr file)
Fully Qualified Domain Name (FQDN) for your Splashtop Gateway server
Your company info
Your contact info
Follow the instructions on the CA’s website to complete the SSL certificate application. Choose Apache as the server app type and the CA will issue the certificates in PEM or CRT format. You should receive the certificate files in less than 48 hours.
Step 3: Convert the SSL Certificate to PFX
Splashtop Gateway only accepts one SSL certificate in PFX format. Therefore, if the certificate received from the CA is in another format such as PEM, CRT or CER, you have to combine it with the private key file and convert them to a single PFX file using the following OpenSSL command.
openssl pkcs12 -export -out mycert.pfx -inkey private.key -in mycert.crt
mycert.pfx - Output PFX certificate file
private.key - Private key file
mycert.crt - SSL certificate file received from CA
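If the CA also provides the middle/intermediate certificate files, you have to include all of them in the single PFX file. The -certfile option reads one file only (if it is given more than once, only the last file is used), so first concatenate the intermediate certificates into one file and then pass that file to the export command:
cat intermediate1.crt intermediate2.crt > chain.crt
openssl pkcs12 -export -out mycert.pfx -inkey private.key -in mycert.crt -certfile chain.crt
On Windows, use “copy /b intermediate1.crt+intermediate2.crt chain.crt” in place of the cat command.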
When you run the above commands, you will be asked to enter the passphrase for the private key and to set a password to protect the PFX file.
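The checks below are an added example, not part of the original article or of Splashtop's own tooling: before the import in Step 4, they confirm that the private key belongs to the certificate and that the PFX contains the server certificate plus every intermediate. The KEY_PASS and PFX_PASS variables, the function names and the throwaway self-signed sample files are assumptions made so the script runs without prompts.

```shell
#!/bin/sh
# Added example, not from the original article. File names and the KEY_PASS /
# PFX_PASS environment variables (the two passphrases) are assumptions.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints how many certificates the PFX holds (server certificate + intermediates).
# Prints 0 when the PFX cannot be opened, e.g. with a wrong password.
pfx_cert_count() {  # usage: pfx_cert_count PFX
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample: a throwaway key and self-signed certificates stand in for
# the files a CA would send, then Step 3 is run on them without prompts.
make_sample() (  # usage: make_sample DIR
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -keyout private.key -passout env:KEY_PASS \
        -out mycert.crt -subj "/CN=gateway.example.test" -days 1 2>/dev/null || exit 1
    for i in 1 2; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "int$i.key" \
            -out "intermediate$i.crt" -subj "/CN=Constructed CA $i" -days 1 \
            2>/dev/null || exit 1
    done
    cat intermediate1.crt intermediate2.crt > chain.crt
    openssl pkcs12 -export -out mycert.pfx -inkey private.key -passin env:KEY_PASS \
        -in mycert.crt -certfile chain.crt -passout env:PFX_PASS
)

KEY_PASS=${KEY_PASS:-constructed-key-pass}
PFX_PASS=${PFX_PASS:-constructed-pfx-pass}
export KEY_PASS PFX_PASS
tmp=$(mktemp -d) && make_sample "$tmp" &&
    key_matches_cert "$tmp/private.key" "$tmp/mycert.crt" &&
    echo "key matches; PFX holds $(pfx_cert_count "$tmp/mycert.pfx") certificates"
```

With the real files from Step 3, the expected count is one plus the number of intermediate certificates the CA supplied.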
Step 4: Import the PFX certificate to Splashtop Gateway
The last step is pretty straightforward.
Log in to the Splashtop Gateway Web Portal using the Owner account, and go to System > Security.
Click the Import button, browse to the PFX certificate file, enter the password for the PFX file and confirm.
You will be asked to log in again after the certificate is imported successfully. Now the end users can connect to the Gateway server using HTTPS without receiving an SSL warning any longer.