Restore Custom SSL Certificates
Required User Role: Root user
If you used custom Apache SSL certificates before upgrading Tenable Security Center Director, you must restore the custom Apache SSL certificates after you upgrade Tenable Security Center Director.
Tenable Security Center Director creates a backup of the certificates during the upgrade process. Tenable Security Center Director copies the existing custom SSL certificates to the Apache configuration backup directory that the upgrade process creates in the /tmp/[version].apache.conf-######## directory. The exact name of the directory varies, but the system displays the name during the upgrade process and reports it in the /opt/sc/admin/log/install.log file.
Before you begin:
-
Upgrade to a new version of Tenable Security Center Director, as described in Upgrade Tenable Security Center Director.
To restore custom SSL certificates after upgrading Tenable Security Center Director:
-
Log in to Tenable Security Center Director via the command line interface (CLI).
-
In the CLI in Tenable Security Center Director, run the following command:
# cp /tmp/[version].apache.conf-########/SecurityCenter.cert /opt/sc/support/conf/SecurityCenter.crt
-
Select
yes
to overwrite the existing file. -
In the CLI in Tenable Security Center Director, run the following command:
# cp /tmp/[version].apache.conf-########/SecurityCenter.pem /opt/sc/support/conf/SecurityCenter.key
-
Select
yes
to overwrite the existing file.Caution: Ensure that the newly copied files have permissions of 0640 and ownership of tns:tns.
-
Modify the
servername
parameter in/opt/sc/support/conf/servername
to match the Common Name (CN) of the SSL certificate.Tip: To obtain the CN, run the following command and note the
CN=
portion of the result.# /opt/sc/support/bin/openssl verify /opt/sc/support/conf/SecurityCenter.crt
-
In the CLI in Tenable Security Center Director, run one of the following commands to restart the Apache server:
# /opt/sc/support/bin/apachectl restart
-or-
# service SecurityCenter restart
The Apache server restarts.