Below are the steps to install custom SSL on nxfilter. To install a custom SSL certificate on NxFilter, you can follow the steps below:
First, create or obtain your custom SSL certificate and key files. These files should be in the PEM format and you have to convert the file in JKS (Java keystore)
To convert normal CRT file into JKS run below commands on the same server.
openssl pkcs12 -export -in SSLcertificatefilename -out Anynameyoucanuse.p12
In above command we are converting normal SSL certificate into .p12 first. Kindly make sure that SSLcertificatefilename is having all the certificate, key, CSR etc.
keytool -importkeystore -srckeystore Anynameyoucanuse.p12 \ -srcstoretype PKCS12 \ -destkeystore anyrandomname.jks \ -deststoretype JKS
Then you can run above command to convert .p12 ceritificate with JKS extension. Kindly change the name Anynameyoucanuse.p12 and anyrandomname.jks with actual SSL names you want.
keytool -importkeystore -srckeystore anyrandomname.jks -destkeystore anyrandomname.jks -deststoretype pkcs12
Now to use your own SSL certificate, what you have to use Java KeyStore or JKS file which we have created above. If you already have a CRT format certificate, you need to convert it to a JKS file by follow above instructions. And then you set two parameters in /nxfilter/conf/cfg.properties file. One is ‘keystore_file’ and the other one is ‘keystore_pass’. You can set your JSK file like below,
keystore_file = conf/myown.jks
keystore_pass = 123456
Save the configuration file.
Restart NxFilter to apply the changes.
systemctl restart nxfilter
After following these steps, NxFilter should be using your custom SSL certificate for HTTPS connections. You can verify this by accessing the NxFilter web interface using HTTPS and checking that the browser shows your custom SSL certificate as the site’s security certificate.
Note that if you are using a self-signed SSL certificate, you may need to add the certificate to your browser’s trusted root certificate store in order to access the NxFilter web interface without security warnings.