The SVM VA server will generate a self-signed SSL certificate when you choose to use SSL. These instructions will explain how to swap it for your certificate and key pair.
Once you've run through the SVM Virtual Appliance (VA) setup wizard and have selected to use SSL you'll find that the server is set up with a self-signed SSL certificate. In some environments that isn't an ideal solution as the act of propagating the public key from this certificate to all endpoints can be daunting. Below you'll find step by step instructions on how to replace the generated certificate with your own.
1. Obtain and transfer your public and private keys to your SVM VA. Once you have access to the file(s) this can be easily transferred to your server with a tool like WinSCP.
2. If your certificate is packaged together in a PFX file, you can do the following to prepare your public and private key files.
If you have a PEM file that has the two keys instead of a pfx you'll want to change the pkcs12 to x509 to match the format of the certificate. If you have another certificate format you'll need to adjust accordingly. Please refer to theopenssl manual pagefor further details
3. Next, we need to replace the existing self-signed certificate files with the ones we now have on hand.
We can find the location for the existing key pair in the virtual host definition for Apache which is found in /etc/httpd/conf.d/secunia-ssl.conf. Here is what the certificates paths look like in virtual host file
The important lines from the virtual host are the SSLCertificateFile and SSLCertificateKeyFile directives. These tell Apache which public and private key to use for the SSL connection and this lets us know what files we need to replace.
4. Remove the existing certificate key pair and replace it with yours.
Begin with deleting the old public key:
Delete the old private key:
Copy new public key
cp csi.crt /etc/pki/tls/certs/
Copy new private key
cp csi.key /etc/pki/tls/private/
5. Restart Apache
service httpd restart
After restarting Apache you are all set. Your connections to the SVM Server will occur using the newly implemented certificate.
Nov 15, 201907:31 AM - edited Dec 16, 201903:48 AM