Updating expiring HTTPS certs on the DA when the certificate authority provided a new private key and public certificate
search cancel

Updating expiring HTTPS certs on the DA when the certificate authority provided a new private key and public certificate

book

Article ID: 260699

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

We cannot utilize a CSR and were issued a new private key and public certificate.  How do we update the Data Aggregator?

Environment

All supported releases

Resolution

1. Find the alias and confirm the password (make a note of the alias; it is needed later):

/opt/IMDataAggregator/jre/bin/keytool -list -keystore /opt/IMDataAggregator/apache-karaf/etc/keystore


2. Remove the encryption from the private key to align passwords:

openssl rsa -in private.key -out decrypted.key


3. Create Keystore (use the same password as used in step 1 when asked):

openssl pkcs12 -export -in ca-signed_cert -inkey decrypted.key -out /tmp/keystore -name alias_from_step1


4. Stop services

systemctl stop dadaemon


5. Make a backup of the keystore:

cp /opt/IMDataAggregator/apache-karaf/etc/keystore /opt/IMDataAggregator/apache-karaf/etc/keystore.bak


6. Move the newly created keystore into place:

cp /tmp/keystore /opt/IMDataAggregator/apache-karaf/etc/keystore


7. Start services

systemctl start dadaemon


8. Access the Portal login page and validate the certificate presented to ensure the new cert is now shown

https://daHostname:8582/rest

Powered by Wolken Software