Adding a SSL Certificate to Untangle Firewall

Untangle SSL not working? A small hack here for those that might be struggling adding a third party signed certificate to their Untangle firewall.

Using self-signed certificates isn’t a problem. However when you try to add a trusted third party certificate to Untangle using the GUI it doesn’t work.

The GUI doesn’t seem to add the intermediate SSL certificate to the chain which causes the certificate to be broken and sometimes even a very broken Apache.

The official documentation on the matter suggests it should be possible by the GUI. But it’s not ideal.

The workaround is to manually package your SSL certificate into a apache.pem file.

The file will simply contain the following in plain-text back to back, in this order:

  1. Certificate
  2. Private Key
  3. Intermediate
  4. Root (optional)
-----BEGIN CERTIFICATE-----
[server cert]
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
[private key]
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[intermediate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[root cert]
-----END CERTIFICATE-----

Now SSH to your Untangle server and then:

cd /etc/apache2/ssl
cp apache.pem apache.pem.bak
vi apache.pem
Copy/paste your cert, key and intermediate certificates to this file
Then ":wq!" to save changes
/etc/init.d/apache2 restart

Your SSL certificate should now be installed! Verify using your browser.

Broken SSL on Untangle?

If your Untangle web GUI stops working after installing the certificate then something went wrong. The GUI will be inaccessible giving a ERR_CONNECTION_REFUSED style message.

Reset to the default Untangle certificates, run the following via SSH:

curl -k http://download.untangle.com/patches/generic/update_cert.sh | dash

Thanks for reading. Please like or share if you found this useful.

Karl Nyen has been involved in the virtualization, server, web development and web hosting industry for over 13 years. In his current role at a managed service provider, he is focused on cloud-based solutions for enterprise clients. His diverse background of sales, management, and architectural/technical expertise bring a unique perspective to the virtualization practice.

Leave a Reply