How To Import SSL Certificate from the Certificate Authority into Spectrum OneClick
search cancel

How To Import SSL Certificate from the Certificate Authority into Spectrum OneClick

book

Article ID: 112210

calendar_today

Updated On: 10-29-2024

Products

Spectrum Network Observability

Issue/Introduction

When a customer receives certificate files from a Certificate Authority (CA), they must follow specific steps to import these certificates into CA Spectrum OneClick. This guide outlines the recommended process to ensure certificates are correctly prepared and integrated into the Spectrum environment, minimizing potential import issues.

Environment

Release: All Supported Releases

Component: SPCOCK - Spectrum OneClick

Resolution

Importing Certificates into Custom Keystore

Overview

This guide provides step-by-step instructions for creating and importing certificates into a custom keystore for Spectrum. Follow each step carefully to ensure certificates are correctly imported.

Steps

1. Create Certificate Files

  • Create three empty files, one for each certificate.
  • Copy each certificate's content from the original certificate file, starting from:
     
    -----BEGIN CERTIFICATE-----
    to:
     
    -----END CERTIFICATE-----
     
  • Note: Ensure each file ends precisely on the END CERTIFICATE line with no extra spaces or blank lines. Extra spaces or blank lines can cause import issues.

2. Identify the Root Certificate

  • Run the following command to identify the root certificate:
     
    openssl x509 -in file.txt -noout -text | egrep "(Subject:|Issuer:)"

3. Import the Root Certificate

  • Use the following command to import the root certificate into the keystore:
     
    ./keytool -import -alias root -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file root_chain_certificate_filename

4. Import Additional Certificates

  • For each additional certificate file, use the command below, replacing <filealias> with a unique alias for each file to avoid confusion:
     
    ./keytool -import -alias <filealias> -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file your_certificate_filename

5. Import Provided CER Certificate

  • Run the following command to import the CER certificate provided, using the alias tomcatssl:
     
    ./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file your_certificate_filename

6. Restart Tomcat

  • Navigate to the Tomcat binary directory:
     
    cd $SPECROOT/tomcat/bin
  • Stop Tomcat:
     
    $SPECROOT/tomcat/bin/stopTomcat.sh
  • Start Tomcat:
     
    $SPECROOT/tomcat/bin/startTomcat.sh

Additional Information


Please reference the "Configure OneClick for Secure Sockets Layer" section of the documentation for more information.
Powered by Wolken Software