How to Generate an SSL Certificate and Install It on Splashtop Gateway Server

Having an SSL certificate on Splashtop Gateway enjoys the benefit of enhanced site security and customer trust. But how to obtain an SSL certificate and install it on the Splashtop Gateway?

This article will walk you through the steps to produce an SSL certificate and install it on the Splashtop Gateway Server.

Note: an SSL certificate issued by a well known certificate authority (CA) usually cost 100~200 USD annually.


Step 1: Generate a CSR Request


It is easy and straightforward to generate a certificate signing request (CSR) using OpenSSL.

  • If you are using a MAC, OpenSSL is probably already available. Run “openssl” command on a terminal to confirm.

  • If you are using a Windows PC, please firstly install OpenSSL.

Generate a CSR request using OpenSSL

  • For Windows, Start a Command Prompt with “Run as administrator”, and navigate to the “bin” folder of the OpenSSL program

  • For Mac, simply start a Terminal.

  • Use the command below to generate a 2048-bit RSA private key and CSR:

openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out CSRNAME.csr

After entering the command above, you will be asked to create a passphrase, which will be used to access your private key in future. Afterwards, you are prompted to enter the following information that will be incorporated into the CSR.

  • The Country Name (optional)

  • The Locality Name (optional)

  • The Organization Name (optional)

  • The Organization Unit Name (optional)

  • The Common Name (required): the Fully Qualified Domain Name (FQDN) of the Splashtop Gateway server

  • The Email Address (optional)

  • The Challenge Password (optional)

If you do not specify the location of the files in the command, you should be able to find the private key file and the CSR file inside the “bin” folder on Windows or your personal profile folder (/Users/username) on Mac.


Step 2: Apply for SSL Certificate from a Trusted Certificate Authority (CA)


There are dozens of certificate authorities available in the market. It is recommended to choose one from the Wiki page Certificate_Authority#Providers since they are mostly trusted by prevalent operating systems and web browsers. You don’t have to import a copy of certificate to the keystore of the client machines if the certificate is trusted by the client OS.

SSL certificate application is a self-service process. Get the following items ready before you submit an application to a certificate authority:

  • a CSR request (.csr file)

  • Fully Qualified Domain Name (FQDN) for your Splashtop Gateway server

  • Your company info

  • Your contact info

Following the instructions from the CA’s website to complete the SSL certification application. Choose Apache as the server app type and the CA will issue the certificates in PEM or CRT format. You should receive the certificate files in less than 48 hours.


Step 3: Convert the SSL Certificate to PFX

Splashtop Gateway only accept one SSL certificate in PFX format. Therefore, if the received certificate from the CA is in other formats such as PEM, CRT or CER, you have to combine it with the private key file and convert to a single PFX file using the following OpenSSL command.

openssl pkcs12 -export -out mycert.pfx -inkey private.key -in mycert.crt

If you are using macOS 13 Ventura or above , please convert the PFX using below OpenSSL command. ( For Splashtop Gateway v3.24.2 and lower only)

openssl pkcs12 -export -legacy -out mycert.pfx -inkey private.key -in mycert.crt
  • mycert.pfx - Output the PFX certificate file

  • private.key - Private key file

  • mycert.crt - SSL certificate file received from CA

If the CA also provides the middle/intermediate certificate files, you have to concatenate all of them into the single PFX file using the command below.

openssl pkcs12 -export -out mycert.pfx -inkey private.key -in mycert.crt -certfile intermediate1.crt -certfile intermediate2.crt

You will be asked to enter the passphrase for the private key when you run the above commands, and introduce a password to protect the PFX file.


Step 4: Import the PFX certificate to Splashtop Gateway


The last step is pretty straightforward.

Log in to the Splashtop Gateway Web Portal using the Owner account, and go to System > Security.

Click on Import button, browse the PFX certificate file, enter the password for PFX file and confirm.


You will be asked to log in again after the certificate is imported successfully. Now the end users can connect to the Gateway server using HTTPS without receiving a SSL warning any longer.

4 out of 4 found this helpful