Skip to main content

Use third-party SSL certificate

By default, Qalyptus Server uses a self-signed certificate for HTTPS communication. While secure, this generates browser warnings because the certificate isn't issued by a trusted Certificate Authority (CA). Replacing it with a CA-signed certificate eliminates these warnings and improves user trust.

Certificate Requirements

Essential requirements:

  • Valid CA signature: Issued by a trusted Certificate Authority
  • Private key included: Certificate must include the private key
  • Correct domain: Certificate common name matches the server's FQDN
  • PFX/P12 format: Compatible with Windows certificate store

Recommended specifications:

  • Subject Alternative Names (SAN): Include multiple domains if needed
  • 2048-bit or higher: RSA key length for security
  • SHA-256 signature: Modern cryptographic standard
Certificate Formats

Qalyptus Server requires certificates in PFX/P12 format with embedded private keys. If you have separate .crt and .key files, convert them to PFX format first.

Prerequisites

  • Administrative access to the Qalyptus Server machine
  • Valid SSL certificate from a trusted CA (in PFX/P12 format)
  • Qalyptus Server service user credentials
  • MMC console access

Import certificate

Follow the steps below to import the certificate:

  1. Launch the MMC console on the machine where Qalyptus Server is installed
  2. In the MMC, Open File> Add / Remove Snap-in
  3. Select Certificates and click Add
  4. Select Computer Account, click Next, select Local computer and click Finish
  5. In the MMC console, open Certificates (local computer) / Personal
  6. In the MMC console, open Actions> All Tasks> Import …
  7. Browse to the certificate file provided by your certification authority
  8. Follow the on-screen instructions to import the certificate, including the private key
  9. Check that the new certificate has been imported into Certificates (local computer)> Personal> Certificates and that it contains a private key
  10. Double-click on the Certificate> Certification path and confirm that it displays “This certificate is OK“

Use the certificate in Qalyptus Server Configuration

Follow the steps below to configure Qalyptus with your certificate.

  1. In the MMC console, right-click the imported certificate and select Open
  2. In the Details tab, scroll down and select Thumbprint
  3. Select and copy its value to the clipboard with the keyboard shortcut CTRL + C
  4. Close the MMC console
  5. In the start menu of your computer, search Qalyptus Server Configuration
  6. Click on Qalyptus Server Configuration and go to the General tab
  7. Enter the username and password of the user who runs the Qalyptus Server service
  8. Check the Use https checkbox
  9. Then choose Other valid SSL certificate
  10. Paste your certificate's Thumbprint in the Certificate field
  11. Make sure that the address entered in the Machine address field is the one that will be used to connect to Qalyptus Server
  12. Click on Save
  13. A confirmation message will appear when your certificate is taken into account by Qalyptus

You should now be able to access Qalyptus Server over HTTPS without the browser warning message.