How to create a new self-signed certificate for reporter

Article ID: 217716


Products

Reporter, Reporter-S500, Reporter-VA

Issue/Introduction

The self-signed certificate for Reporter has expired.
How do you generate a new self-signed certificate?

Environment

Release : 10.5.X and later

Component : Certificate.

Resolution

Steps to generate a new self-signed certificate:

[Back up current certificate info]

  1. Enter config mode from the CLI.
  2. Back up the current subject information with the ssl view keyring default command.

    Save the "Certificate subject:" line from the output:

    reporter# ssl view keyring default
    Keyring ID:                 default

    Certificate subject:        C=US,ST=CA,L=Mountain View,O=Symantec Reporter,OU=002648XXXX,CN=XXX.XXX.XXX.XXX <--
    Subject alternative name:   IP Address:XXX.XXX.XXX.XXX

  3. Back up the default certificate.

    reporter# ssl view certificate default

    Save the output from "BEGIN CERTIFICATE" to "END CERTIFICATE":
    -----BEGIN CERTIFICATE-----
    MIID9jCCAt6gAwIBAgIJAMvulXSL+dYhMA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV


    z4acrOESzJ6SGw==
    -----END CERTIFICATE-----

  4. Back up the private key for default.

    reporter# ssl view keypair default

    Save the output from "BEGIN PRIVATE KEY" to "END PRIVATE KEY":
    -----BEGIN PRIVATE KEY-----
    MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCinvzRzXNny9Hb


    M0ZKh0PA+0yhA3xFUKK6MC3h7Q==
    -----END PRIVATE KEY-----
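
The backup in steps 2 to 4 is copied terminal output, so it is worth normalizing on the workstation before the old certificate is deleted. The Python below is an added example, not part of this article or of the product: it pulls the subject and PEM blocks out of a saved session, rejects a block with stray characters or broken padding, writes files owner-only, and computes a SHA-256 fingerprint that can be compared with the certificate later imported into ProxySG. The transcript layout, the function names and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import os
import re

PEM_RE = re.compile(r"-----BEGIN (CERTIFICATE|PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
SUBJECT_RE = re.compile(r"^\s*Certificate subject:\s*(.+?)\s*$", re.M)

def parse_backup(transcript):
    """Pull the subject line and PEM blocks out of saved `ssl view ...` output."""
    found = {"subject": None, "CERTIFICATE": None, "PRIVATE KEY": None}
    if match := SUBJECT_RE.search(transcript):
        found["subject"] = match.group(1)
    for label, body in PEM_RE.findall(transcript):
        b64 = "".join(body.split())            # drop pasted indentation and line breaks
        base64.b64decode(b64, validate=True)   # raises on stray characters or broken padding
        rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        found[label] = "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----", ""])
    return found

def sha256_fingerprint(cert_pem):
    """SHA-256 over the DER bytes, to compare the backup with what gets imported."""
    b64 = "".join(row for row in cert_pem.splitlines() if not row.startswith("-----"))
    return hashlib.sha256(base64.b64decode(b64)).hexdigest()

def write_private(path, text):
    """Create the file owner-only (0600) and refuse to overwrite an earlier backup."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)

# Constructed sample: placeholder bytes stand in for real DER so this runs offline.
FAKE_CERT = b"constructed placeholder, not a real certificate " * 3
FAKE_KEY = b"constructed placeholder, not a real private key " * 3

def indent(blob, label):
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join("    " + r for r in [f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])

SAMPLE = (
    "reporter# ssl view keyring default\n"
    "Certificate subject:        C=US,ST=CA,L=Example,O=Example Org,OU=0000000000,CN=192.0.2.10\n"
    "reporter# ssl view certificate default\n" + indent(FAKE_CERT, "CERTIFICATE") + "\n"
    "reporter# ssl view keypair default\n" + indent(FAKE_KEY, "PRIVATE KEY") + "\n"
)

if __name__ == "__main__":
    backup = parse_backup(SAMPLE)
    print(backup["subject"], sha256_fingerprint(backup["CERTIFICATE"]))
```

The recovered subject string is what gets pasted at the 'subject' prompt of ssl create certificate default; the key file should go through write_private so it is never world-readable on the workstation.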

[Generate a new self-signed certificate]
Note: To generate a new self-signed certificate, the old certificate must be removed first.

  1. Remove the old certificate with the ssl delete certificate default command.

    reporter# ssl delete certificate default
      ok
    reporter#

  2. Generate a new self-signed certificate with the ssl create certificate default command.

    reporter# ssl create certificate default
    Value for 'subject' (<Certificate subject>): SAMPLE IS BELOW

    Value for 'subject' (<Certificate subject>): C=US,ST=CA,L=Mountain View,O=Symantec Reporter,OU=002648XXXX,CN=XXX.XXX.XXX.XXX
      ok
    reporter#

  3. Stop and start the Reporter service with stop-reporter / start-reporter.

Access Reporter from the web UI. Note that your browser will ask you to trust the new certificate.

Additional Information

After the restart, the new certificate must also be added to the associated proxy.

Import the Reporter Appliance Certificate

Reporter uses a self-signed certificate, which means the ProxySG appliance will not trust it. Import the certificate that you copied from the Prerequisites section in this topic.
When importing a custom certificate, a series of OpenSSL commands must be executed for the new certificate. The OpenSSL commands must be added to the custom certificate before download. Refer to the ssl CLI command on the CLI Reference page for the list of OpenSSL commands and additional information.

Import the certificate.

  1. In ProxySG select Configuration > SSL > CA Certificates.
  2. On the CA Certificates tab, click Import. The interface displays the Import CA Certificate dialog.
  3. Name the CA Cert. For example, Reporter.
  4. In a text editor, open the certificate file that you exported and copy the contents.
  5. Paste the contents in the CA Certificate PEM area.
  6. Click OK.

Add the certificate to the Trusted Browsers list.

  1. Select the CA Certificate List tab.
  2. Select browser-trusted and click Edit. The interface displays the Edit CA Certificate List.
  3. Select the new certificate.
  4. Click Add.
  5. Click OK; click Apply.