The certificate proxy/server can generate another signed SSL certificate to be imported into the AppDefense appliance. The steps to import this SSL certificate into the AppDefense appliance are:
- Log in to the AppDefense appliance over SSH as the admin user.
- Copy (scp) the certificate to a location on the appliance, such as /tmp.
- Switch to the root user on the appliance:
$ sudo su -
- Back up the original Java cacerts keystore:
# cp -f /usr/java/jre-vmware/lib/security/cacerts /usr/java/jre-vmware/lib/security/cacerts.bck
- Import the new certificate into Java's trusted cacerts keystore. When prompted for the keystore password, type the default password "changeit". In the command below, "certificate alias" can be any string that does not conflict with an existing alias in cacerts, and "/path/to/certificate/file" is the certificate file copied to the appliance earlier.
# keytool -import -trustcacerts -keystore /usr/java/jre-vmware/lib/security/cacerts -alias <certificate alias> -file </path/to/certificate/file>
- Delete the certificate file and reboot the AppDefense appliance. Once it is up and running again, check in the manager UI that the appliance can reach the AppDefense cloud manager.
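The backup, import and cleanup steps above as one shell function to run as root, added here as an example and not taken from the vendor's documentation: it refuses an alias that already exists, restores the backup if the import or the post-import check fails, and deletes the certificate file only on success. The function name and the KEYTOOL, CACERTS and STOREPASS variables are assumptions of this sketch; the keystore path and default password are the ones given in the steps.

```shell
#!/bin/sh
# Added example, not the vendor's script. Overridable settings (assumed names):
KEYTOOL="${KEYTOOL:-keytool}"
CACERTS="${CACERTS:-/usr/java/jre-vmware/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"   # public default password named in the steps

# import_trusted_cert <alias> <cert-file>
# Returns 0 on success, 2 if the alias is already in the keystore,
# 3 if the certificate file is unreadable, 4 if the backup or import failed.
import_trusted_cert() {
    alias_name=$1
    cert_file=$2

    [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 3; }

    # keytool -list -alias exits 0 only when the alias exists, so a zero
    # status here means the import would collide with an existing entry.
    if "$KEYTOOL" -list -keystore "$CACERTS" -storepass "$STOREPASS" \
            -alias "$alias_name" >/dev/null 2>&1; then
        echo "alias '$alias_name' already exists in $CACERTS" >&2
        return 2
    fi

    # Back up the keystore before touching it (same .bck name as the steps).
    cp -fp "$CACERTS" "$CACERTS.bck" || return 4

    # No -noprompt: keytool prints the certificate and asks for confirmation,
    # which is the moment to compare the fingerprint with the proxy's.
    if "$KEYTOOL" -import -trustcacerts -keystore "$CACERTS" \
            -storepass "$STOREPASS" -alias "$alias_name" -file "$cert_file" &&
       "$KEYTOOL" -list -keystore "$CACERTS" -storepass "$STOREPASS" \
            -alias "$alias_name" >/dev/null 2>&1; then
        rm -f "$cert_file"      # do not leave the copy lying in /tmp
        return 0
    fi

    # Import was declined or failed: put the original keystore back.
    echo "import failed, restoring $CACERTS.bck" >&2
    cp -fp "$CACERTS.bck" "$CACERTS"
    return 4
}

# Usage (constructed alias and path):
#   import_trusted_cert proxy-ca /tmp/proxy-ca.crt
```

Reboot the appliance afterwards as in the last step; the function does not do that.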