MeshCentral is an open-source remote support platform. It runs on Windows or Linux and needs to be self-hosted.
While it supports Let’s Encrypt (letsencrypt.org) certificates, this is not always an option. Issues you can run into are:
- port 80 incoming is blocked by your internet provider
- your DNS provider does not support the ACME protocol needed
Of course, you may also simply want to use your own certificate. To do so, go to your regular CA (certificate authority) provider and have the certificate issued. One way is to use Windows IIS: request a new certificate via CSR, have it issued, and complete the request in IIS. Your last step is to export it including the private key.
Now transfer this file to your MeshCentral server (just use MeshCentral to transfer the file). Next you will need OpenSSL, which is often pre-installed on Linux and Raspberry Pi; on Windows you will need to download it separately.
OpenSSL is used on the command line to extract the unencrypted key and to separate the certificate so MeshCentral can use it. Follow the next steps; we assume your source certificate file is named source.pfx.
- openssl pkcs12 -in source.pfx -nocerts -out encryptedkey.key
  - this will ask for the password for source.pfx
  - it will also ask you to enter and confirm a new password (can be the same) for the destination file
- openssl rsa -in encryptedkey.key -out webserver-cert-private.key
  - it will ask you for the new password of the file you created in step 1
  - this will overwrite the webserver-cert-private.key file with a passwordless key file as needed by MeshCentral
- openssl pkcs12 -in source.pfx -clcerts -nokeys -out webserver-cert-public.crt
  - this will ask for the password for source.pfx
  - it will overwrite the webserver-cert-public.crt file with the public part of your certificate
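Before restarting, the two output files can be checked so that a mismatched or still-encrypted key is caught first. The following is an added example, not part of the original article or of MeshCentral: `check_meshcentral_cert` and `make_sample` are hypothetical helper names, and the sample PFX (password `example`, CN `mesh.example`) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: validate the files produced by the three openssl steps.
# check_meshcentral_cert is a hypothetical helper, not a MeshCentral tool.

# Returns 0 only if KEY is unencrypted, matches CRT, and CRT has not expired.
check_meshcentral_cert() {
    key=$1 crt=$2
    # Encrypted PEM keys announce themselves in their header lines.
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$key"; then
        echo "FAIL: $key is still password-protected" >&2; return 1
    fi
    # Key and certificate belong together when their public keys are equal.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read $key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot read $crt" >&2; return 1; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: key does not match certificate" >&2; return 1
    fi
    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || {
        echo "FAIL: certificate has expired" >&2; return 1; }
    # The key carries no password, so restrict it to its owner.
    chmod 600 "$key"
    echo "OK: $key and $crt are usable"
}

# Constructed sample input: a throwaway self-signed PFX, split with the same
# three commands as in the steps above, with passwords passed non-interactively.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mesh.example" \
        -keyout "$dir/orig.key" -out "$dir/orig.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/orig.key" -in "$dir/orig.crt" \
        -out "$dir/source.pfx" -passout pass:example &&
    openssl pkcs12 -in "$dir/source.pfx" -nocerts -passin pass:example \
        -passout pass:example -out "$dir/encryptedkey.key" 2>/dev/null &&
    openssl rsa -in "$dir/encryptedkey.key" -passin pass:example \
        -out "$dir/webserver-cert-private.key" 2>/dev/null &&
    openssl pkcs12 -in "$dir/source.pfx" -clcerts -nokeys -passin pass:example \
        -out "$dir/webserver-cert-public.crt" 2>/dev/null
}
```

On the real files, run `check_meshcentral_cert webserver-cert-private.key webserver-cert-public.crt`. Once it passes, source.pfx and encryptedkey.key can be removed from the server if they are no longer needed there.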
Now restart the MeshCentral service/server and open a new browser window; your certificate should work now.