Certificate - Update HTTPS Certificate with Globaleaks

About

This document shows you how to update the HTTPS certificate used by the Globaleaks whistleblower platform. The process includes exporting the certificate from pfSense and uploading it in the correct order to Globaleaks.

PfSense, Export Certificate:

  1. Navigate to your pfSense admin interface and sign in with your admin credentials.

  2. From the top menu: Click System and click Certificates again to view the list of certificate authorities and certificates stored in pfSense.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_1.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_2.png

  3. Scroll all the way down to the bottom of the page and find and click Add/Sign to create a new certificate. Click it.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_3.png

  4. Fill the required fields such as Name, Certificate Authority, Key Type, Lifetime, Common Name, etc.. Click Save, then Yes when prompted to confirm.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_4.png

  5. Scroll all the way down to the bottom of the page again and find The one you just made and click the Export Key button to download the certificate. Then click Authorities at the top of the Certificates page. Scroll down to find the internal company Certificate Authority entry. Click Export CA to download the CA certificate (usually .crt).
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_5.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_6.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_7.png

Globaleaks, Upload Certificate Files:

  1. Open your Globaleaks Admin Portal in a browser.
  2. Enter your administrator username and password to access the admin dashboard.
!! IMPORTANT !!

This website requires patients and a lot of reloading. If things are slow, reload.

  1. Open Network → HTTPS tab and Reset. From the admin sidebar, click Network. Ensure you are in the HTTPS tab. Click Reset to clear the fields and prepare for a new certificate upload. Refresh the page once the reset completes.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_8.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_9.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_10.png
!! IMPORTANT !!

The order of uploads are important in this case. Make sure to follow the steps.

  1. Look for Private Key and click Upload. This must be the first upload to be done! Select the Globaleaks.key file you exported from pfSense. Click Open to upload.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_11.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_12.png

  2. Then upload to the Certificate (PEM) second. In the Certificate (PEM) field, click Upload. Select the Globaleaks.crt file you exported from pfSense. Click Open to upload.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_14.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_15.png

  3. Then upload to the Intermediate Certificates (PEM) third. Select the Company.crt (CA certificate) you exported earlier. Click Open to upload.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_16.png

  4. After all three uploads are complete, the interface should display a summary of the certificate details (issuer, valid dates, etc.). Click Enable to apply the certificate. Wait about 1 minute then refresh the page to confirm the changes have taken effect.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_17.png

  5. Then look at the browser address bar. If the HTTPS certificate is installed correctly, the “Not secure” warning will be gone. You can also click the padlock icon (where “Not secure” was) to view certificate details. Another method is to copy the URL into a new tab and press Enter. The page should load securely without warnings.
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_18.png
    sh_Certificate-UpdateHTTPSCertificatewithGlobaleaks_AD_19.png

And you are done. 😄

Continue here:
Active Directory - Change Hostname in AD after Certificate Update
See you again next year!