How to Install an SSL certificate in Untangle

These days, SSL certificates are necessary to verify web content and ensure end users that they are visiting websites that are safe and not trying to scam or steal information from them.  I am a big fan of Untangle’s UTM appliance as it provides tremendous cost benefit compared to other UTM software and hardware.  I wanted to detail the steps required to install a trusted SSL certificate in the Untangle interface as there are a couple of tricks to get this to work if you are experiencing problems. 

Potential Issue:

I have noticed that straight out of the box on the Untangle 7.4 install that when you look at the certificates that are intalled by default, sometimes the Certificate status will be blank…in other words it will not have a valid self signed certificate intalled.  If at that point you go ahead and generate a CSR to send to a Certificate Authority, the name and everything else in the CSR will be blank until you first “Generate a Certificate” in the Certificates tab under Administration.  This creates a self signed certificate that should have your servername listed.

Once you see a self issued certificate with the Subject DSN as well as the Issuer DN with your servname you should be good to run through the “Generate a CSR” wizard.

When you click the “Generate a CSR” button, you will see the blank “Generate a Certificate Signature Request” screen:

When you see this screen, you simply click the Proceed button which will generate the request:

After the request is generated…you will copy and send this to your Certificate Authority…..it should look something like:

—–BEGIN CERTIFICATE REQUEST—–
+BqMUU4OtIFVnIlfQlcn0vBjFRi
1flc3g1kc1DSxRHxxpp9hjGkqjdOBoLaB3QvEHCzacEhSUYyj5lsPJaLYscXr3LO
V4EZam/Wkvr6TLRJ0n2JQuoE5d0lD0zSopVQhc0TYPr8jhTb36IIEppQZ9iQeiJv
TQ593PkIjudlIRP5+h9JzWb9wqxs6Xh0kMMsqaNA17dytNXLR4wlO5MaXcmi/iA6
oAAwDQYJKoZIhvcNAQEFBQADggEBAFewJkqlzRT6HlFJmdB9Acqkoq+gQoxWYrvr
rzzpILounL0VhJ8OHC/v0kq7thaZRWMUKi9P2DRVtpKQ0fZL7r9EMM
XjqXUorCMz9Xc7q6RB3DnU73G1utBfDdyGHFTZFa47uBooBdd+WNBEg
M8owIvnknRrBGvIed5P8HmaAq2xhb/H5Lt7Su9berNB9nU8iMtUFTk57BaYP
Dn64EGN/euUDkZpGzKJFEJZgVh8hyuumq3nDVKlKMWcewBbQXBy1kAg/REFny1ge
e/2vi7WGS5cqKIBG496kx9yom8tZoYesFhkWZ5FuHuKQGCHKHos=
—–END CERTIFICATE REQUEST—–

Once you have your certificate request processed, you will simply click on the “Import a Signed Certificate” button in the Certificates tab of Administration and paste your signed certificate in here.

Something to be aware of:

I have had major problems before pasting your signed certificate in the certificate box and then placing an Intermediate Certificate or bundled certificate in this box and crashing the interface and leaving apache in a broken state.  Let me say that this could be the result of a lower quality certificate asside from Verisign or another reputable CA.  The GUI certificate interface seems to be flaky at times when it comes to importing certificates. 

If you have a bundled Intermediate and root certificate, I highly recommend not using the GUI to install these.  What I have found to work extremely well is to edit your etc/apache2/httpd.conf file and add the following line:

SSLCertificateChainFile /root/yourcertificatebundle.crt where you replace the aforementioned name with the name of your certificate file and the path where you have the file stored.  Then simply restart apache:

etc/init.d/apache2 restart