Restore Custom SSL Certificates

Required User Role: Root user

If you used custom Apache SSL certificates before upgrading Tenable.sc, you must restore the custom Apache SSL certificates after you upgrade Tenable.sc.

Tenable.sc creates a backup of the certificates during the upgrade process. Tenable.sc copies the existing custom SSL certificates to the Apache configuration backup directory that the upgrade process creates in the /tmp/[version].apache.conf-######## directory. The exact name of the directory varies, but the system displays the name during the upgrade process and reports it in the /opt/sc/admin/log/install.log file.

Before you begin:

To restore custom SSL certificates after upgrading Tenable.sc:

  1. Log in to Tenable.sc via the command line interface (CLI).

  2. In the CLI in Tenable.sc, run the following command:

    # cp /tmp/[version].apache.conf-########/SecurityCenter.cert /opt/sc/support/conf/SecurityCenter.crt
  3. Select yes to overwrite the existing file.

  4. In the CLI in Tenable.sc, run the following command:

    # cp /tmp/[version].apache.conf-########/SecurityCenter.pem /opt/sc/support/conf/SecurityCenter.key
  5. Select yes to overwrite the existing file.

    Caution: Ensure that the newly copied files have permissions of 0640 and ownership of tns:tns.

  6. Modify the servername parameter in /opt/sc/support/conf/servername to match the Common Name (CN) of the SSL certificate.

    Tip: To obtain the CN, run the following command and note the CN= portion of the result.

    # /opt/sc/support/bin/openssl verify /opt/sc/support/conf/SecurityCenter.crt
  7. In the CLI in Tenable.sc, run one of the following commands to restart the Apache server:

    # /opt/sc/support/bin/apachectl restart

    -or-

    # service SecurityCenter restart

    The Apache server restarts.