While it is possible to generate and install a self-signed certificate on Variphy Insight, you can also install a wildcard certificate (a public key certificate which can be used with multiple subdomains of a domain) if you have created one within your organization. This is a simpler process than generating the self-signed cert.
NOTE: It is recommended to take a snapshot of your VM prior to making any kind of certificate changes.
A wildcard certificate typically is in a PKCS12 format, in the form of a .PFX or .P12 file, e.g. yourcert.pfx. It will also have a Keystore password, which will be required in order to install the cert in Insight.
To Install the certificate:
- Stop the Variphy service. In the Start Menu click Run and type
services.mscor search for the Services Manager. Right click on the Variphy Insight service and select Stop. Or open CMD as Administrator and runnet stop "Variphy Insight" - Copy your cert file to the \Variphy Insight\app\tomcat folder in the Variphy Insight intallation path.
e.g. C:\Program Files\Variphy Insight\app\tomcat\yourcert.pfx
- In the Variphy Insight\config folder edit the https_customizations.xml file with a text editor like notepad or notepad++.
- Modify the value in the following attributes (if needed) and save the changes:
- cerfiticateKeystoreFile – Default is “keystore.pfx”. Change this value so it reflects the name of your new cert file.
- certificateKeystorePassword – Default is “changeit”. Update with the new password.
- certificateKeystoreType – This specifies the keystore type, the default is “PKCS12”
The entries will look like this:
- To turn off non-secure access to Variphy we will disable the non-secure http access by commenting out the contents of the http_customizations.xml file, also located in the \Variphy Insight\config folder. Open the file in a text editor and comment out the contents of the file by adding the characters to the beginning and end and save your changes.
This will disable http access to the Variphy application and will only allow access through the https://variphyserver:8443 address and port.
- Start the Variphy service. In the Services Manager right click on the Variphy Insight service and select Start or in CMD run
net start "Variphy Insight"
Note: When you upgrade earlier versions of the Variphy software it will back up the current directories, including the certificate, to a set of backup folders. Your certificate will be replaced with a generic self-signed one. You can recover your certificate with the following steps:
- Stop the Variphy service.
- Navigate to the Variphy folder. There will be a set of backup folders with the date of the most recent backup. They will be in the format of config_yyyy_mm_dd and app_yyyy_mm_dd.
- Copy the https_customization.xml and http_customization.xml files from the /Variphy Insight/config_yyyy_mm_dd folder to the /Variphy Insight/config folder.
- Copy the cert file from /Variphy Insight/app_yyy_mm_dd/tomcat to the /Varphy Insight/app/tomcat/ folder.
- Start the Variphy service and log back into the web interface, it may take a moment to load after the restart. You should be able to log in and authenticate against your wildcard cert.
If you have any questions about this process, or would like some help with installing or repairing your wildcard certificate, please contact support@variphy.com for further assistance.
