How do I update Portal with new certs when using a fresh keypair?
search cancel

How do I update Portal with new certs when using a fresh keypair?

book

Article ID: 387584

calendar_today

Updated On:

Products

Network Observability CA Performance Management

Issue/Introduction

We had to generate a new private key, how do we change certs over to the new keypair without having to revert HTTPS completely

Resolution

Make the pkcs12:
openssl pkcs12 -export -out new_keystore -inkey <private key generated via the openssl req or from the CA> -in <the signed certificate from the CA>

Find the alias:
/opt/CA/jre/bin/keytool -list -keystore new_keystore -storepass changeit

Change the alias to capc (if not capc already):
/opt/CA/jre/bin/keytool -changealias -alias "your-existing-alias" -destalias capc -keystore new_keystore

Change the keypass to to match existing keystorepass (if it does not match already):
/opt/CA/jre/bin/keytool -keypasswd -alias capc -keystore new_keystore

Stop caperf services:
systemctl stop caperf*

Swap keystores:
mv /opt/CA/PerformanceCenter/jetty/etc/keystore /opt/CA/PerformanceCenter/jetty/etc/keystore.old

cp new_keystore /opt/CA/PerformanceCenter/jetty/etc/keystore

Start caperf services:
systemctl start caperfcenter_sso caperfcenter_eventmanager caperfcenter_devicemanager caperfcenter_console

Powered by Wolken Software