search cancel

Replace the self-signed SSL certificate for Red Hat installations

book

Article ID: 174587

calendar_today

Updated On:

Products

ICDx

Issue/Introduction

  • The Symantec Integrated Cyber Security Exchange (ICDx) appliance needs to use a SSL/TLS certificate that is not the self-signed certificate.
  • The ICDx install is on Red Hat Enterprise Linux.

Environment

  • ICDx 1.3.1 or later
  • RHEL 7.4, 7.6, 7.7

Resolution

ICDx generates as self-signed SSL/TLS certificate as part of the installation process. This certificate is used for:

  • HTTPS on the ICDx web interface
  • ICDx receivers

Certificates issued by another certificate authority may be used to replace the self-signed certificate. In order to use a certificate authority issued certificate:

  • the certificate file must be in .crt format
  • the private key must be in a .key file with no passphrase

Symantec Enterprise Support will not provide assistance to convert certificate formats by phone, email, or chat. For more assistance, please contact your certificate authority.

 

Replacing the self-signed certificate for Red Had Enterprise Linux installations:

NOTE: Root privileges may be needed to complete this installation.

  1. Copy the certificate to the system certificate location:
    • cp <certfile>.crt /etc/pki/tls/certs
  2. Copy the private key file to the system key location:
    • cp <keyfile>.key /etc/pki/tls/private
  3. Edit the NGINX configuration at /etc/nginx/snippets/ssl-cert.conf to point to the new files in the new location:
    • ssl_certificate /etc/pki/tls/certs/<certfile>.crt
    • ssl_certificate_key /etc/pki/tls/private/<keyfile>.key
  4. Restart the NGINX server:
    • systemctl restart nginx
  5. If an ICDx collector does not respond after changing certificates, restart the collector.

 

For further information, please refer to the Administration Guide for your version of ICDx.