Summary
The SVM VA server will generate a self-signed SSL certificate when you choose to use SSL.
These instructions will explain how to swap it for your certificate and key pair.
Synopsis
Once you've run through the SVM Virtual Appliance (VA) setup wizard and have selected to use SSL you'll find that the server is set up with a self-signed SSL certificate. In some environments that isn't an ideal solution as the act of propagating the public key from this certificate to all endpoints can be daunting. Below you'll find step by step instructions on how to replace the generated certificate with your own.
1. Obtain and transfer your public and private keys to your SVM VA. Once you have access to the file(s) this can be easily transferred to your server with a tool like WinSCP.
2. If your certificate is packaged together in a PFX file, you can do the following to prepare your public and private key files.
Extract the private key:
openssl pkcs12 -in cert_name.pfx -nocerts -out csi.key
Remove the password from your key, so httpd will start without prompting:
mv csi.key csi.key.secure
openssl rsa -in csi.key.secure -out csi.key
Generate the public certificate:
openssl pkcs12 -in cert_name.pfx -clcerts -nokeys -out csi.crt
If you have a PEM file that has the two keys instead of a pfx you'll want to change the pkcs12 to x509 to match the format of the certificate. If you have another certificate format you'll need to adjust accordingly. Please refer to the openssl manual page for further details
We can find the location for the existing key pair in the virtual host definition for Apache which is found in /etc/httpd/conf.d/secunia-ssl.conf. Here is what the certificates paths look like in virtual host file
SSLCertificateFile /etc/pki/tls/certs/csi.crt
SSLCertificateKeyFile /etc/pki/tls/private/csi.key
The important lines from the virtual host are the SSLCertificateFile and SSLCertificateKeyFile directives. These tell Apache which public and private key to use for the SSL connection and this lets us know what files we need to replace.
4. Remove the existing certificate key pair and replace it with yours.
Begin with deleting the old public key:
rm /etc/pki/tls/certs/csi.crt
Delete the old private key:
rm /etc/pki/tls/private/csi.key
Copy new public key
cp csi.crt /etc/pki/tls/certs/
Copy new private key
cp csi.key /etc/pki/tls/private/
service httpd restartAfter restarting Apache you are all set.
Your connections to the SVM Server will occur using the newly implemented certificate.
Are you sure you want to cancel the case creation?
Are you sure you want to close this case
| Products | Region | Phone Numbers |
|---|---|---|
| FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield |
North America * |
+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America) |
| Europe * |
+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe) |
|
| Japan * | +81 3-4540-5335 (select option 2) | |
| Australia * |
+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia) |
|
|
Usage Intelligence (formerly
Revulytics) Compliance Intelligence |
Please use the Case Portal to submit your support ticket or reach out to your Revenera contact. | |
Case id: 00001065
Activity: Status change: 2 hours ago