Recently Viewed Topics
Upload a Custom SSL Certificate
SecurityCenter ships with its own default SSL certificate; however, in many cases it is desirable to obtain a custom SSL certificate for enhanced security.
Note: In the example below, two certificate files were received from the CA: host.crt and host.key. These file names vary depending on the CA used.
Tip: The custom certificate email address must not be SecurityCenter@SecurityCenter or subsequent upgrades cannot retain the new certificate.
To upload a custom SSL certificate to SecurityCenter:
Back up the current certificates located in the /opt/sc/support/conf directory. These files are named SecurityCenter.crt and SecurityCenter.key. In the example below, we place the files in /tmp.
# cp /opt/sc/support/conf/SecurityCenter.crt /tmp/SecurityCenter.crt.bak
# cp /opt/sc/support/conf/SecurityCenter.key /tmp/SecurityCenter.key.bak
Copy the new certificates (e.g., host.crt and host.key) to the /opt/sc/support/conf directory and overwrite the current certificates. If prompted to overwrite, type y.
# cp host.crt /opt/sc/support/conf/SecurityCenter.crt
# cp host.key /opt/sc/support/conf/SecurityCenter.key
Ensure the files have the correct permissions (640) and ownership (tns) as follows:
# ls -l /opt/sc/support/conf/SecurityCenter.crt
-rw-r--r-- 1 tns tns 4389 May 15 15:12 SecurityCenter.crt
# ls -l /opt/sc/support/conf/SecurityCenter.key
-rw-r--r-- 1 tns tns 887 May 15 15:12 SecurityCenter.key
Caution: If an intermediate certificate is required, it must be copied to the system and given the correct permissions (640) and ownership (tns). Additionally, you must remove the # fromthe line in /opt/sc/support/conf/vhostssl.conf that begins with #SSLCertificateChainFile to enable the setting. Modify the path and filename to match the uploaded certificate.
Restart the SecurityCenter services:
# service SecurityCenter restart
- Browse to SecurityCenter using SSL (e.g., https://192.168.1.5).
- When prompted, verify the new certificate details.