How to setup custom TLS and DNS for GoPhish dashboard
Introduction
f you’re using GoPhish for phishing simulations, you might already have a custom domain name and TLS certificate set up for your dashboard. But what about your landing page? It’s equally important to have a valid certificate on your landing page to ensure the success of your campaigns.Ensuring your Gophish landing page is secured with a TLS certificate not only increases the professionalism of your campaigns but also enhances their credibility. Here’s a step-by-step guide on how to set up a custom TLS certificate for your Gophish landing page.
Setuping custom TLS and DNS for GoPhish dashboard
Prerequisites
Before we dive in, make sure you’ve followed the previous tutorial on setting up a custom domain name and TLS on your GoPhish dashboard. This is a requirement for setting up a certificate on your landing page.
Steps
Log into Your GoPhish Server via SSH: After you have the prerequisites in place, the first step is to log into your GoPhish server using SSH.
Choose Your Certificate Option: You have two options here: either generate a new certificate following the steps from the previous tutorial or reuse the certificate you used for your dashboard. Reusing the certificate is often the simpler option.
Modify Your GoPhish Config File (config.json):
- Open the
config.jsonfile in a text editor (like Nano). - Locate the section for your fish server.
- Change the
LISTEN_URLport to 443 (the standard HTTPS port). - Rename the
CERT_PATHandKEY_PATHto match the certificate and key files you want to use (e.g.,gophish_admin.crtandgophish_admin.key). - Set the
TLSoption totrue.
- Open the
Restart the GoPhish Service: Save the changes you made to the
config.jsonfile and restart the GoPhish service. This will apply the new configuration.Verify Your Certificate: Visit your GoPhish landing page in a web browser. You should now see a valid certificate on the regular domain name, not just on port 3636.
