Updating expiring HTTPS certs on the Portal when the certificate authority provided a new private key and public certificate
search cancel

Updating expiring HTTPS certs on the Portal when the certificate authority provided a new private key and public certificate

book

Article ID: 260698

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

We cannot utilize a CSR and were issued a new private key and public certificate.  How do we update the Portal?

Environment

All supported releases

Resolution

1. Find the alias and confirm the password (make a note of the alias; it is needed later):

/opt/CA/jre/bin/keytool -list -keystore /opt/CA/PerformanceCenter/jetty/etc/keystore


2. Remove the encryption from the private key to align passwords:

openssl rsa -in private.key -out decrypted.key


3. Create Keystore (use the same password as used in step 1 when asked):

openssl pkcs12 -export -in ca-signed_cert -inkey decrypted.key -out /tmp/keystore -name alias_from_step1


4. Stop services

systemctl stop caperf*


5. Make a backup of the keystore:

cp /opt/CA/PerformanceCenter/jetty/etc/keystore /opt/CA/PerformanceCenter/jetty/etc/keystore.bak


6. Move the newly created keystore into place:

cp /tmp/keystore /opt/CA/PerformanceCenter/jetty/etc/keystore


7. Start services

systemctl start caperfcenter_sso caperfcenter_eventmanager caperfcenter_devicemanager; sleep 20; systemctl start caperfcenter_console


8. Access the Portal login page and validate the certificate presented to ensure the new cert is now shown

https://portalHostname:8182

Powered by Wolken Software