Restore Custom SSL Certificates
Required User Role: Root user
If you used custom Apache SSL certificates before upgrading Tenable Security Center, you must restore the custom Apache SSL certificates after you upgrade Tenable Security Center.
Tenable Security Center creates a backup of the certificates during the upgrade process. Tenable Security Center copies the existing custom SSL certificates to the Apache configuration backup directory that the upgrade process creates in the /tmp/[version].apache.conf-######## directory. The exact name of the directory varies, but the system displays the name during the upgrade process and reports it in the /opt/sc/admin/log/install.log file.
Before you begin:
-
Upgrade to a new version of Tenable Security Center, as described in Upgrade Tenable Security Center.
To restore custom SSL certificates after upgrading Tenable Security Center:
-
Log in to Tenable Security Center via the command line interface (CLI).
-
In the CLI in Tenable Security Center, run the following command:
# cp /tmp/[version].apache.conf-########/SecurityCenter.cert /opt/sc/support/conf/SecurityCenter.crt
-
Select
yesto overwrite the existing file. -
In the CLI in Tenable Security Center, run the following command:
# cp /tmp/[version].apache.conf-########/SecurityCenter.pem /opt/sc/support/conf/SecurityCenter.key
-
Select
yesto overwrite the existing file.Caution: Ensure that the newly copied files have permissions of 0640 and ownership of tns:tns.
-
Modify the
servernameparameter in/opt/sc/support/conf/servernameto match the Common Name (CN) of the SSL certificate.Tip: To obtain the CN, run the following command and note the
CN=portion of the result.# /opt/sc/support/bin/openssl verify /opt/sc/support/conf/SecurityCenter.crt
-
In the CLI in Tenable Security Center, run one of the following commands to restart the Apache server:
# /opt/sc/support/bin/apachectl restart
-or-
# service SecurityCenter restart
The Apache server restarts.