ssl explorer setup

7/26/2019 Ssl Explorer Setup

1/13

SSL EXPLORER COMMUNITY EDITION SETUP INSTRUCTIONS

Features And Hardware Requirements

SSLExplorer is actually available in two flavors: the basic "Community" editionand an

enhanced "Enterprise" edition. Complete feature lists for each version are available at3SP's Website, but here are a few to whet your appetite:

"Community" edition features

Granular policy-based rights management No concurrent user restrictions

Remotely browse Windows file systemsvia Windows Explorer

Reverse proxy Web forwarding feature Configurable authentication schemes

Access your desktop remotely

Connect using any modern Web browser No dedicated appliance necessary

Supports Wake-On-LAN - bring up systems remotely

Supports Microsoft Windows XP/2000/2003 and Red Hat Linux 8.0 or later

(other Linux distributions are unofficially supported)

"Enterprise" edition features (in addition to "Community" features)

Commercially supported

Enhanced Authentication including SSL client certificate, LDAP, public-key

Bi-directional split-tunneling

Full auditing and reporting capabilities Lightweight remote management applets supporting SSH1, SSH2, Telnet and

VNC remote accessprotocols

SSH-based remote management CLI (alpha)

One other important difference is that the Java VPN client included in the "Enterprise"edition provides a connection more like a conventional IPsec VPN as opposed to the port

forwarding/tunneling functionality of the Java VPN client included in the "Community"edition.

Commercial support plans are available for a fee for both the "Community" edition and

the "Enterprise" edition of SSL Explorer. Visit the 3SP Ltd. Website for more details onthe support options available.

For the purposes of this article we'll be looking at the free "Community" edition.

The SSL Explorer software package can turn a humble PC into a full-fledged SSL VPNgateway. SSL Explorer software is released under the GPL and is written in Java. All that

is needed for a PC to become a server is Windows 2000/XP/2003 and the Java Runtime


2/13

Environment 5.0 (JRE). It is also possible to install it on Linux distributions such asRedhat and Fedora. However, for this article, we will concentrate on the Windows

platform.

All that is required on the client side is a Java-enabled Web browser such as Microsoft

Internet Explorer or Mozilla Firefox. As far as hardware requirements go, SSL Explorerwill run on a very humble PC. It will easily accommodate one to five concurrent usersrunning on a Windows XP box with a 2 GHz Intel Celeron CPU with 256 MB RAM.

You can actually get away with even a little less if you choose to install it onto Linuxinstead of Windows.

Prepare For Installation

The "Community" edition of SSL Explorer is distributed as an archive file with source

code that needs to be compiled using the Apache ANT utility, available at ant.apache.org.You will also need the 1.5.6 Java Runtime Environment (JRE), which is available at

http://java.sun.com/products/archive/. Make sure that the JRE package you download isversion 1.5.6. Both Apache ANT and SSL Explorer require the JRE 1.5 as both are Java

applications. (Java 1.6 or higher does not work!)

Download and install the JRE first, then install Apache ANT. ANT does not come with

an installer so we need to just extract the contents of the archive file into a suitable placeon our system. Extract the files to a folder on the root of C: called C:\ant , copy the

Java folder and its contents from Program Files to the root of C:,

After the installs are done, we need to set up some environment variables so that oursystem can find the ANT and Java binaries. Go to the Windows Control Panel and select

the Systemicon. Once the System Propertieswindow is displayed, select the Advancedtab, click on the Environment Variablesbutton and do the following:

1. Create a new system variable calledANT_HOMEand make its value the directory

location of ANT. It should be in C:\ant2.

Next, we need to create another system variable calledJava_HOMEand we will

make its value the directory location of the JRE. The JRE is installed inC:\Java\jre1.5.0_06.

3. Lastly, we need to modify the PATHvariable. Add the following to the PATHvariable:

;C:\ant\bin;C:\java\jre1.5.0_06\bin;

The semicolons are there to separate the PATH entries. Now we can move on to the

installation of SSL Explorer itself.

Go ahead and download the SSLExplorer "Community" edition package fromsourceforge.netand unzip the package to a suitable directory. On my machine I used

C:\sslexplore (extract the contents of the archive directly into this folder to keep things assimple as possible!). When you are done you should have 3 folders on the root of C,


3/13

Ant, Java & SSLExplore.

Then copy tools.jarfrom C:\ ssslexplore\libto C:\JAVA\jre1.5.0_07\lib& theC:\Program Files\JAVA\jre1.5.0_07\libfolders.

Next, start up a command window (this can be accomplished by selecting Runfrom theSTARTmenu and typing cmd). Navigate to the SSL Explorer directory (cdC:\sslexplorer) and type the following command to start the compile/install process:

ant install

The command window at this point should look similar to Figure 1.

Figure 1: Command line window after build completes (click image to enlarge)

ANT will chug away for a few minutes compiling Java source files and then it willattempt to launch a Web browser pointed at special port (28080) on your machine. This

special port is only used until you have set up the basic options for your install. You willconfigure your keystore and SSL certificate in this mode before placing the serverinto

operation.

If you are installing SSL Explorer on a system with the Windows firewallenabled, thenyou will probably see a window similar to Figure 2 at least once.


4/13

Figure 2: Windows firewall message

Be sure and choose unblockso that you will be able to configure the application throughyour Web browser. If SSL Explorer was successful at launching the Web browser, then

you should see a screen similar to Figure 3.

Figure 3: Select certificate type (click image to enlarge)

If your computerdid not bring up the Web browser automatically, then you should beable to open up a browser and connect to the setup page manually by using the following

URL: http://127.0.0.1:28080.


5/13

Certificate Creation

The first step in the setup is choosing what SSLcertificate to use. Figure 3 shows the

option of either importing an existing certificate or creating a new untrusted certificate.The SSL certificate is used in the encryption of the traffic between SSL Explorer and

your PC. We will create a new untrusted certificate (Untrusted simply means that thecertificate has not been digitally signed by a Certificate Signing Authority). Beforecreating the certificate we need to create a keystore password (Figure 4).

Figure 4: Create keystore password (click image to enlarge)

Next, we need to enter the information that identifies our certificate (Figure 5).


6/13

Figure 5: Create the certificate (click image to enlarge)

User Database, Super User, Webserver

You will now be presented with options for where to obtain the user database. SSL

Explorer has the ability to authenticate against Active Directory and several othermechanisms. However, we will choose the "built-in" option (Figure 6).

Figure 6: Configuring a User Database (click image to enlarge)

Now we need to create a "Super User" account (Figure 7) to perform administrative tasks

including creating new user accounts.

Figure 7: Create Super User account (click image to enlarge)


7/13

With that out of the way, we can now make changes to the Web server, such as the portnumber (Figure 8). We will leave all settings at the defaults on this screen and skip to the

next section.

Figure 8: Configure Web Server screen (click image to enlarge)

Proxies, Extensions

The Configure Proxiesstep (Figure 9) is only necessary if you have a proxy serveron

your network (such as a Web proxy). We will again take the default settings and skip to

the next section.

Figure 9: Configure Proxies screen (click image to enlarge)


8/13

Now we should be at the "Install EnterpriseEdition" screen (Figure 10). We will onceagain skip to the next section, as we are not interested in the "Enterprise" edition right

now.

Figure 10: Enterprise Edition screen (click image to enlarge)

Once we are at the "Install other extensions" section, we need to check the PuTTYbox(Figure 11). Feel free at this point to check any other extensions that might be helpful in

supporting additional services that you might like to use with SSLExplorer. In the nextsection, we will install another custom extension not listed on the list called TightVNC.

Figure 11: Enable the PuTTY extension (click image to enlarge)


9/13

The last section of the install is a Summarypage (Figure 12), which displays the choicesthat we have selected for our install. If would like to change your mind about any of the

previous setup options now would be a good time to go back and make changes. Onceyou are confident of your settings click the Finishbutton to apply the new settings.

Figure 12: Setup Summary (click image to enlarge)

Once the Install Completescreen (Figure 13) is displayed we can move on to creating

user accounts, installing the TightVNC custom extension and setting up shortcuts to ournetwork services.

Figure 13: Installation Complete (click image to enlarge)


10/13

Add Users

Before moving on to creating a new user, we need to install SSLExplorer as a service sothat it will be started each time our PC is booted. From our command line window we can

run ant install-service.

NOTE:If you have another program currently listening on port 443 then you willhave to disable that program before SSL Explorer will start successfully.

Now, let's put the serverinto operation by issuing ant startfrom the command line

window (this is a one time task as once it is installed as a service it should be startedautomatically upon bootup). Pull up a browser and type in the following URL:

https://localhost/. You should see a login screen similar to the one shown in Figure 14.

Figure 14: Login screen

Go ahead and login as the "Super User" we previously created. If you type in theusername and password combination correctly then you should be rewarded with the

Management Consolescreen.


11/13

Figure 15: Management console screen (click image to enlarge)

Click on the Accountslink under the Access Controlmenu and you will see a list of

currently configured users on the system (Figure 16).

Figure 16: Accounts List screen (click image to enlarge)

In the upper right hand corner of the screen, select the Create Accountlink to create anew user for the system. I created a user called John Smith (Figure 17).


12/13

Figure 17: Create account screen (click image to enlarge)

Enter all the details for the new user. For the group, I entered Usersand then clicked onthe Addbutton. Next, click on the Savebutton to finalize the new user. After finalizingthe new user account the system will ask you to assign a password (Figure 18).

Figure 18: Account password screen (click image to enlarge)

After clicking the Savebutton one more time you should be returned to the main

Accountsscreen. You should see both the "Super User" and the new user you created in

the account list.


13/13

Figure 19: Accounts screen with new account (click image to enlarge)

Conclusion

SSL Explorer is now set up and ready to go. In Part 2, we'll walk through how to set up

access to a remote network's shares. We'll also show you how to use SSL Explorer forremote desktopaccess to even a Windows XP Home machine.

In the meantime, if you can't wait to get going, you can explore these flash demos on

3SP's website.

Installation Remote Administration

Web Forwarding (Reverse Proxy)

Web Forwarding (Tunneled Proxy)

Web Forwarding (Replacement Proxy)

Network Places

ssl explorer setup

Documents