Blog | G5 Cyber Security

Bitdefender SSL Certificate Replacement

G5 Cyber Security

TL;DR

This guide shows you how to replace the default Bitdefender Antivirus SSL certificate with your own custom certificate, ensuring secure connections for your managed endpoints. This is important if you use a wildcard or specific domain-validated (DV) certificate.

Replacing Your Bitdefender SSL Certificate

  1. Obtain Your Certificate Files: You’ll need the following files from your certificate authority:
    • Certificate File (.crt): This contains your website’s public key.
    • Private Key File (.key): Keep this file extremely secure! It is used to decrypt communications.
    • Intermediate Certificate(s) (optional .ca-bundle or separate files): These help establish trust with clients. Some authorities provide a single bundle, others provide individual files.
  2. Access the Bitdefender GravityZone Console: Log in to your Bitdefender GravityZone console as an administrator.
  3. Navigate to SSL Certificates: Go to Settings > Endpoint Security > SSL Certificates. The exact menu path may vary slightly depending on your GravityZone version, but look for a section related to SSL certificates or HTTPS inspection.
  4. Upload Your Certificate:
    • Click the Add Certificate button (or similar).
    • You will be prompted to upload your certificate files.
    • Certificate File (.crt): Browse and select your .crt file.
    • Private Key File (.key): Browse and select your .key file. Be careful! Double-check you are uploading the correct key.
    • Intermediate Certificate(s): If provided as a bundle, upload the .ca-bundle file. If separate files were given, some GravityZone versions allow multiple uploads; otherwise, concatenate them into a single text file (see Step 6).
  5. Concatenate Intermediate Certificates (if necessary): If your certificate authority provided individual intermediate certificates (.ca-bundle is preferred), you need to combine them into a single file. Use a text editor and paste the contents of each .ca file one after another in order, ensuring there are no extra spaces or characters. 
    cat ca1.crt ca2.crt > combined_ca.crt
  6. Verify Certificate Chain: After uploading, GravityZone will usually validate the certificate chain. Check for any errors reported by the console. Common issues include:
    • Incorrect Order of Intermediate Certificates: Ensure they are in the correct order (usually provided by your CA).
    • Missing Intermediate Certificate(s): Upload all required intermediate certificates.
    • Expired Certificate: Check that your certificate is valid and not expired.
  7. Activate the New Certificate: Once validated, activate the new certificate within the GravityZone console. This may involve selecting it from a list of available certificates.
  8. Deploy to Endpoints: Bitdefender will automatically push the updated certificate to your managed endpoints. The deployment time can vary depending on your network size and configuration. You can usually monitor the deployment status in the GravityZone console.
  9. Test the Connection: After deployment, test the connection from a few endpoints to ensure the new certificate is being used correctly. Use a web browser’s developer tools (usually F12) or an online SSL checker tool to verify the certificate details.
    • Browser Test: Open your website in a browser and check the certificate information under ‘Security’.
    • Online Checker: Use a site like SSL Shopper to analyze your SSL configuration.
Exit mobile version