search cancel

Replace the self-signed SSL certificate for Ubuntu installations

book

Article ID: 174593

calendar_today

Updated On:

Products

ICDx

Issue/Introduction

The Symantec Integrated Cyber Security Exchange (ICDx) appliance needs to use an SSL/TLS certificate that is not the self-signed certificate.

The ICDx install is on Ubuntu Server 16.04 or 18.04 LTS.

Environment

ICDx 1.2 or later

Ubuntu Server 16.04 or 18.04 LTS

Resolution

ICDx generates a self-signed SSL/TLS certificate as part of the installation process. This certificate is used for:

  • HTTPS on the ICDx web interface
  • ICDx receivers

Certificates issued by another certificate authority may be used to replace the self-signed certificate. In order to use a certificate authority issued certificate:

  • the certificate file must be in .crt format
  • the private key must be in a .key file with no passphrase

Symantec Enterprise Support will not provide assistance to convert certificate formats by phone, email, or chat. For more assistance, please contact your certificate authority.

Replacing the self-signed certificate for Ubuntu installations:

NOTE: Root privileges may be needed to complete this installation.

  1.     Copy the certificate to the system certificate location:  
    • cp <certificate>.crt /etc/ssl/certs
  2.     Copy the private key file to the system key location:   
    • cp <keyfile>.key /etc/ssl/private
  3.      Edit the NGINX configuration at /etc/nginx/snippets/ssl-cert.conf to point to the new files in the new location:
    • ssl_certificate /etc/ssl/certs/<certfile>.crt
    • ssl_certificate_key /etc/ssl/private/<keyfile>.key
  4.      Restart the NGINX server:
    • systemctl restart nginx
  5.      If an ICDx collector does not respond, restart the collector.