Restore Custom SSL Certificates

Required User Role: Root user

If you used custom Apache SSL certificates before upgrading Tenable Security Center Director, you must restore the custom Apache SSL certificates after you upgrade Tenable Security Center Director.

Tenable Security Center Director creates a backup of the certificates during the upgrade process. Tenable Security Center Director copies the existing custom SSL certificates to the Apache configuration backup directory that the upgrade process creates in the /tmp/[version].apache.conf-######## directory. The exact name of the directory varies, but the system displays the name during the upgrade process and reports it in the /opt/sc/admin/log/install.log file.

Before you begin:

To restore custom SSL certificates after upgrading Tenable Security Center Director:

  1. Log in to Tenable Security Center Director via the command line interface (CLI).

  2. In the CLI in Tenable Security Center Director, run the following command:

    # cp /tmp/[version].apache.conf-########/SecurityCenter.cert /opt/sc/support/conf/SecurityCenter.crt

  3. Select yes to overwrite the existing file.

  4. In the CLI in Tenable Security Center Director, run the following command:

    # cp /tmp/[version].apache.conf-########/SecurityCenter.pem /opt/sc/support/conf/SecurityCenter.key

  5. Select yes to overwrite the existing file.

    Caution: Ensure that the newly copied files have permissions of 0640 and ownership of tns:tns.

  6. Modify the servername parameter in /opt/sc/support/conf/servername to match the Common Name (CN) of the SSL certificate.

    Tip: To obtain the CN, run the following command and note the CN= portion of the result.

    # /opt/sc/support/bin/openssl verify /opt/sc/support/conf/SecurityCenter.crt

  7. In the CLI in Tenable Security Center Director, run one of the following commands to restart the Apache server:

    # /opt/sc/support/bin/apachectl restart

    -or-

    # service SecurityCenter restart

    The Apache server restarts.