When needing to change or add an SSL Certificate using the SSL Configuration Tool, the settings don't get applied and the certificate is not valid or displays Kaseya Application Firewall.
The issue's due to lack of permissions when modifying the registry with the appropriate settings. Some methods on resolving this issue are as follows :
- Run the SSL Configuration Tool as an Administrator
Since the SSL Configuration Tool is a Java (jar) program this would have to be done via Command Prompt as Administrator. Please launch Command Prompt as Administrator by typing the following :
" java -jar C:\kaseya\services\KaseyaApplicationFIrewall\kaftool.jar --importui " - Excluding the double quotes
(Note - The path may vary depending on where you have Kaseya Installed so please take note of the Drive Letter).
The program will launch and you may go ahead and reconfigure the settings. When applying, you will notice that in Command Prompt it will show the settings should have applied successfully. If the SSL Certificate isn't configured properly, then please proceed with following the next alternative method.
- Confirm if the appropriate registry settings have been applied correctly
What would need to be done using this method if the above doesn't work would be to confirm if the settings for KAF / Edge Services are implemented correctly. Please go ahead and perform the following steps :
- Go to Registry Editor
- Go to the following directory : HKLM\SOFTWARE\Kaseya
- Please confirm that the following values are correct within the Kaseya Registry Key :
On the example illustrated above the KAFCertFile would be the value of the current location where the pfx file is located (Please note that UNC Paths are not supported and that the location of the PFX File will need to be located locally on the Kaseya Server). The KAFCertPass is a Clear Text of the password ; please be sure to enter in that password there. And lastly the KAFUseSSL Value should be set to '1' as this indicates you will be using SSL on the Server.
4. Once the settings have been applied, please be sure to Reset the Kaseya Application Firewall Service (If on VSA 7), or the Kaseya Edge Service (if on R8 or later) for settings to take in effect.