User Tools

Site Tools


ssl_configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
ssl_configuration [2018/12/12 07:35] – [Known Issues] lucyssl_configuration [2022/04/20 10:24] (current) lucy
Line 5: Line 5:
  
  
-===== Trusted ADMIN Certificate Generation with LUCY > 3.1 =====+===== Trusted ADMIN Certificate Generation with LUCY =====
  
 First set the correct FQDN within the [[setup_script_tutorial|setup script]] (domain configuration). Example: if you configured the domain "phishig-server.com" within LUCY you could create the FQDN access.phishing-server.com within the setup script. If you want to generate a trusted certificate for the admin access please go to "settings/ssl settings" and choose "lets encrypt" as the method. LUCY will automatically use the domain configured in the system to generate the certificate. The certificate generation might take up to 5 minutes. Please be patient and wait until the message "certificate created" appears. If you get a "request failed" error it means that you ran into performance issues. In that case please retry to initialize the setup again. Here is a summary again: First set the correct FQDN within the [[setup_script_tutorial|setup script]] (domain configuration). Example: if you configured the domain "phishig-server.com" within LUCY you could create the FQDN access.phishing-server.com within the setup script. If you want to generate a trusted certificate for the admin access please go to "settings/ssl settings" and choose "lets encrypt" as the method. LUCY will automatically use the domain configured in the system to generate the certificate. The certificate generation might take up to 5 minutes. Please be patient and wait until the message "certificate created" appears. If you get a "request failed" error it means that you ran into performance issues. In that case please retry to initialize the setup again. Here is a summary again:
Line 17: Line 17:
   * **Step 4:** Go to the settings/SSL settings menu, choose "letsencrypt" and let LUCY generate the trusted certificate. If the page is not refreshing automatically: please refresh the page after max 5 minutes.   * **Step 4:** Go to the settings/SSL settings menu, choose "letsencrypt" and let LUCY generate the trusted certificate. If the page is not refreshing automatically: please refresh the page after max 5 minutes.
  
-{{ trsuted_cert.png?600 }}+{{ trusted_cert.png?600 }}
  
  
 ===== Using SSL for attack simulations or awareness training ===== ===== Using SSL for attack simulations or awareness training =====
  
-  * **SSL for attack simulations:** You have the option to generate a certificate or upload one. If you want the certificate to be trusted to avoid an SSL error message please pick "lets encrypt". Please go to the scenario settings within the base settings of your campaign and then click on "SSL settings" (1). In case of LetsEncrypt (2) it will automatically use the domain (3) configured within the scenario settings. You can enter a valid email address (4) in the last field. Please note, that "Let's Encrypt" needs a publicly available domain name to generate a certificate. Please make sure your domain is accessible and points to Lucy.+  * **SSL for attack simulations:** You have the option to generate a certificateupload one or select an existing one. If you want the certificate to be trusted to avoid an SSL error message please pick "lets encrypt". Please go to the scenario settings within the base settings of your campaign and then click on "SSL settings" (1). In case of LetsEncrypt (2) it will automatically use the domain (3) configured within the scenario settings. You can enter a valid email address (4) in the last field. Please note, that "Let's Encrypt" needs a publicly available domain name to generate a certificate. Please make sure your domain is accessible and points to Lucy.
  
 {{ ssl_campaign.png?600 }} {{ ssl_campaign.png?600 }}
  
-  * **SSL for E-Learning:**: Please gp to "awareness settings" within your campaign and then within the according scenario settings of your awareness template select the SSL options:+  * **SSL for E-Learning:**: Please go to "awareness settings" within your campaign and then within the according to scenario settings of your awareness template select the SSL options:
  
 {{ awarw_ssl.png?600 }} {{ awarw_ssl.png?600 }}
  
 +:!: Please take into account that Lucy uses a third-party SSL provider - Let's Encrypt that has some limitations. The most common one is that you cannot issue more than __5 certificates per week__ for the same domain name. Find more at: [[https://letsencrypt.org/docs/rate-limits/|https://letsencrypt.org/docs/rate-limits/]]
 +
 +To avoid that limit you can use a previously issued SSL certificate in your campaigns by choosing the option "**Select Existing SSL Certificate**" in the SSL Provider list.
  
   * **Link generation within the message template:**: If you enable SSL in your campaign scenario, LUCY will populate the %link% variable with "https://domain-in-scenario-settings" instead of "http://domain-in-scenario-settings"   * **Link generation within the message template:**: If you enable SSL in your campaign scenario, LUCY will populate the %link% variable with "https://domain-in-scenario-settings" instead of "http://domain-in-scenario-settings"
Line 41: Line 44:
  
  
-===== Create a Certificate within a Campaign LUCY < 3.1 ===== +===== Create a Certificate within a Campaign LUCY =====
- +
- +
-If you decide to use SSL for the campaign and you want to generate a custom certificate you can do this by clicking Generate CSR or Certificate.+
  
-{{ 31.jpg?direct&600 }} 
  
  
Line 57: Line 56:
   * https://www.gogetssl.com/online-csr-generator/   * https://www.gogetssl.com/online-csr-generator/
  
-After the verification, (most providers will either do verification by sending an email to the email address within the WHOIS record or to the email specified within the CSR) you will have to upload the certificate to LUCY.+After the verification, (most providers will either do verification by sending an email to the email address within the WHOIS record or to the email specified within the CSR) you will have to upload the certificate to LUCY.
  
-As an alternative: LUCY enables you to create a CSR by clicking "Generate CSR or Certificate" 
  
  
Line 72: Line 70:
  
  
-{{ 32.jpg?direct&600 }}+{{ ssl_gen_2.png?direct&600 }}
  
-**Note**: If you want to get an official certificate for free, you can always use trial certificates which are valid for 90 days (example : https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php) +**Note**: If you want to get an official certificate for free, you can always use trial certificates which are valid for 90 days (example: https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php) 
  
  
Line 89: Line 87:
 (!) Please take into account that the command above will delete **all** existing SSL certificates! (!) Please take into account that the command above will delete **all** existing SSL certificates!
  
-b. For Lucy __4.3 and newer version__ this could have happened after the migration from the version 4.2 via the Migration Tool. In that case please contact our support team (<support@lucysecurity.com>) to fix the issue.+b. For Lucy __4.3 and newer version__ this could have happened after the migration from version 4.2 via the Migration Tool. In that case please contact our support team (<support@lucysecurity.com>) to fix the issue.
  
ssl_configuration.1544596546.txt.gz · Last modified: 2019/07/25 12:50 (external edit)