It's probably been one of the best purchases I’ve seen in the past twelve years at Burnet. It's been spectacular.
Damon Warren, IT Officer
Burnet Institute
Home / Support / Support Resources / Knowledge Base / Articles / How-do-I-configure-my-KACE-K1000-appliance

How do I configure my KACE K1000 appliance to support SSL?

Turning on SSL will enable it for both the user portal as well as for the K1000 clients. It will force the clients to use SSL but the user portal can be reached via port 80 as well as 443. You can possibly configure your firewall to restrict traffic coming into the the KACE K1000 appliance on port 80 if you want to force https to the portal. 


*Please keep in mind that once you switch over to SSL this is a one-way automatic shift for the clients. If you decide later not to use SSL then the clients will have to be reconfigured manually.*

The KACE K1000 appliance will want both the certificate and the private key in PEM format. Your CA (Certificate Authority) will also want the cert in this format as well, but it may or may not require it. The following procedure will get you the key in the right format.

First you need OpenSSL on your machine (PC). A Windows version of OpenSSL is available here:

http://www.slproweb.com/products/Win32OpenSSL.html

If you install this and then add c:\openssl\bin to your path you can access openssl from a command line:

Generate a Private key for your KACE K1000 appliance using:
openssl genrsa -des3 1024 > k1000.priv

Enter a passphrase (if it asks for it) to complete generating the key.
You can name the key file anything you want.

Now, because we do not want a PassPhrase encrypting our key (because that prevents Apache from booting on its own - aka requests passphrase at startup from console) enter the following to remove the passphrase from the key (you may well be prompted one last time for the passphrase):

openssl rsa -in k1000.priv -out k1000.priv

Generate a CSR:
openssl req -new -key k1000.priv > k1000.csr

NOTE: The "common name" should be the name of your KACE K1000 appliance (e.g. k1000dm or whatever the http server name is for the K1000 under ' K1000 Web Server Name')

NOTE: You should NOT be prompted for a passphrase to create the csr. If you are prompted, follow the step above to clean the key.

Use the csr file online at verisign or other to have them generate your cert.

You should now have a k1000.priv, verisign.crt, and k1000.csr.

Go to to your K1000 Admin Console and under the Settings | Network tab, enable SSL and upload the .key file and the .crt file.

Updated on: 4/20/2011