Atlona Help Center

Managing Security Certificates in Velocity

Overview

You can communicate with your Velocity Gateway unencrypted over HTTP or encrypted over HTTPS. When HTTPS is operational, the Velocity Gateway runs TLS, communicates over port 443, and reads the installed certificate and private key.

Velocity Gateways generate a Certificate Signing Request (CSR) and private key upon registration. In addition, Velocity can generate a new certificate and private key or a new CSR, or you can import your own certificate and private key to the Gateway. Regardless of the method, all certificate data fields should accurately represent your system.

Get Started

  1. Connect to the Velocity Gateway via HTTP
  2. Expand the System > Settings menu and navigate to the Security page
  3. "Always redirect traffic to HTTPS" is disabled by default and must be disabled to continue.


Warning: You may need to work with your Network Administrator to ensure that you can access the Velocity Gateway via HTTP before disabling it.

Method 1: Generate Self-signed Certificate

  1. Fill out the Certificate Details and click GENERATE SELF SIGNED CERTIFICATE
  2. Click YES on the pop-up.

Method 2: Generate CSR

  1. Click GENERATE CSR
  2. The CSR will automatically download. Note the popup message and click YES.
    "Please submit this CSR to a Certificate Authority. Then upload the full CA chain PEM file to Velocity."
  3. Send the CSR to your Network Administrator or Certificate Authority and request that they return a full CA chain PEM/CRT file.
  4. Once your Network Administrator returns this file, click Upload Certificate and upload it.

Method 3: Import Certificate and Private Key

  1. Create your own certificate and private key
  2. Click Upload Certificate to upload your certificate
    Info: Certificates can contain the private key, or they can be separate
  3. If your certificate does not contain the private key, click Upload Private Key to upload your private key

Final Steps

  1. Navigate to the Tools page and click Restart Machine
  2. After the Velocity Gateway reboots, confirm that the Velocity Gateway is accessible via HTTPS
  3. Navigate back to the Security page and enable "Always redirect traffic to HTTPS"

Alternatives

Some Network Administrators have implemented an additional method: building a load balancer with SSL enabled that forwards insecure traffic from the load balancer to the Gateway behind a firewall.

Further Reading

More details on how we load the certificate and private key are available here: https://golang.org/src/net/http/server.go?s=101037:101105#L3182
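
Go's net/http file-based TLS serving loads the pair with tls.LoadX509KeyPair, which calls tls.X509KeyPair, so a file intended for Method 2 or Method 3 can be checked with the same parser before upload. The following is an added example, not Atlona's code: CheckUpload, sample, and the hostname velocity.example.internal are hypothetical, and the certificate is a constructed self-signed sample.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckUpload (hypothetical helper) requires the leaf to be the first CERTIFICATE
// block and to match the key. Empty keyPEM means a combined cert+key file.
func CheckUpload(certPEM, keyPEM []byte, host string) error {
	if len(keyPEM) == 0 {
		keyPEM = certPEM
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return fmt.Errorf("pair rejected: %w", err)
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // already parsed once by X509KeyPair
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("certificate not valid at %s", now.Format(time.RFC3339))
	}
	return leaf.VerifyHostname(host) // certificate fields must name the gateway
}

// sample builds a constructed self-signed certificate and key for the demo.
func sample(host string) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}

func main() {
	host := "velocity.example.internal" // placeholder hostname
	cert, key := sample(host)
	_, otherKey := sample(host)
	fmt.Println("combined file:", CheckUpload(append(cert, key...), nil, host))
	fmt.Println("wrong key:", CheckUpload(cert, otherKey, host))
}
```

A chain file that lists an intermediate before the leaf fails the same key-match check, because the first certificate in the file is the one compared against the private key.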
