Skip to main content

 

ConnectWise

SSL Configurator

  1. Last updated
  2. Save as PDF

Introduction

This article will explain how to use the SSL Configurator to add an SSL certificate to your ConnectWise ScreenConnect™ on-premises installation. 

Requirements

  • Windows operating system (Windows Server 2003 r2 and later)
  • ScreenConnect on-premises installation

Tip: For Linux and Mac servers, you can use the SSL Configurator for Linux shell script instead. 

Before running the script

Download the SSL Configurator script

If you can't open the link, try right-clicking and select Save As...

ScreenConnectConfigurator.zip

Windows

The Configurator tool will do the following in Windows:

  1. Change working directory where certificate files are stored
  2. Change directory where ScreenConnect is currently installed
  3. Create a private key and generate a certificate signing request (CSR) to send to your certificate authority (CA).
  4. Install and bind the server certificate to port 443 for HTTPS, and configure the ScreenConnect Web Server to listen on port 443.
  5. Install a PFX file, bind the certificate to port 443, and then configure the ScreenConnect Web Server to listen on port 443.
  6. View log

Warning: Be sure to run the Configurator on your ScreenConnect server as an administrator.

1. Change working directory where certificate files are stored.

By default, your working directory is your Desktop.

2. Change directory where ScreenConnect is currently installed

Make sure that the ScreenConnect Directory value is correct. The script will need the correct path in order to edit the web.config file.

3. Create a private key and generate a certificate signing request (CSR) to send to your certificate authority (CA).

This step will generate a private key, and then use that private key when creating a certificate signing request (CSR). You will be prompted to enter information such as your organization's name, email, location, and hostname. Be sure that your hostname is entered correctly.

Once you have completed entering your information for your CSR, send your CSR to your certificate authority (CA). You may receive an email with your certificate(s) attached, or you may need to log into your CA and download the certificates yourself. If you have to download your certificate directly from your CA’s site, you may be prompted for what type of server you have. Select “Other.” If given an option, download your certificate in PEM format (not DER).

Note: After downloading your certificate, make sure that you change the extension to .cer . The script will only detect .cer files.


You only need to place the server certificate in your working directory; the script will automatically fetch your intermediate certificates for you.

4. Install and bind the server certificate to port 443 for HTTPS, and configure the Web Server to listen on port 443.

The Configurator will now check to see if port 443 is free. If it is, it will modify your web.config file so that ScreenConnect can use port 443 for SSL.

Next, the script will find your server certificate in your working directory and ensure that it matches your private key. Then the script will install your certificate, and fetch and install your intermediate certificates.

Note: If the script cannot find your certificate, make sure that you have added a .cer extension to the file. The script will only detect .cer files.


Finally, the script will bind your server certificate to port 443, and SSL should be configured for your installation.

 

5. Install a PFX file, bind the certificate to port 443, and configure the Web Server to listen on port 443.

If your certificate and private key are already bundled together in a PFX file, you can now install it using the Configurator. When you choose this option, you will need to enter the complete location of the PFX file so the script can find it. Next, you will be prompted twice to enter the password associated with the PFX file. From there, the script will install your certificate, bind it to port 443, and modify your web.config file so that ScreenConnect will listen on port 443.

 

6. View log

Open the Configurator log file in Notepad. If you're having problems with the Configurator, contact the support team.

For Mono (Linux/OSX)

The Configurator will create a tarball containing all the necessary certificate and private key files for SSL. You will need to extract this tarball to your Linux/OSX machine.

Note: Even though your ScreenConnect server is running Linux or OS X, the Configurator will need to be executed on a Windows machine. You can instead use the SSL Configurator shell script to configure SSL directly on your Linux or OS X server.


The available options for the Configurator are:

  1. Change working directory where certificate files are stored.
  2. Create a private key and generate a certificate signing request (CSR) to send to your certificate authority (CA).
  3. Package your server certificates and intermediate certificates into a tarball to extract to your Linux server.
  4. View log

Warning: Be sure to run the Configurator on your Windows machine as an administrator.

1. Change working directory where certificate files are stored.

By default, your working directory is your Desktop.

2. Create a private key and generate a certificate signing request (CSR) to send to your certificate authority (CA).

This step will generate a private key, and then use that private key when creating a certificate signing request (CSR). You will be prompted to enter information such as your organization's name, email, location, and hostname. Be sure that your hostname is entered correctly.

Once you have completed entering your information for your CSR, send your CSR to your certificate authority (CA). You may receive an email with your certificate(s) attached, or you may need to log into your CA and download the certificates yourself. If you have to download your certificate directly from your CA’s site, you may be prompted for what type of server you have. Select “Other.” If given an option, download your certificate in PEM format (not DER).

After downloading your certificate, make sure that you change the extension to .cer . The script will only detect .cer files. You only need to place the server certificate in your working directory; the script will automatically fetch your intermediate certificates for you.

3. Package your server certificates and intermediate certificates into a tarball to extract to your Linux server.

Next, the script will then find your server certificate in your working directory and ensure that it matches your private key. Your key will be converted into the required PVK format. Then the script will fetch your intermediate certificates, renaming them to the correct format for Mono. Finally, the script will bundle your private key and all certificates into a tarball.

Exit the script and extract ScreenConnectSslFiles.tar.gz to /opt/screenconnect.


The final step is to edit your /opt/screenconnect/web.config file, and change the WebServerListenUri key to the following:

<add key="WebServerListenUri" value="https://+:443/"></add>

4. View log

Open the Configurator log file in Notepad. If you're having problems with the Configurator, contact the support team.

Manually configure SSL for ScreenConnect

If you'd prefer to manually add an SSL certificate to your installation, here are some options:

What's next

This is what was achieved and what was omitted in this how-to.

  1. Back to top
  • Was this article helpful?
Leave feedback

Recommended articles

  1. Article type
    How-to
    Product
    ScreenConnect
  2. Tags
    This page has no tags.