Working with SSL Server Certificates: Difference between revisions
No edit summary |
No edit summary |
||
(14 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
== Installing SSL Server Certificate on fresh NGS == | == Installing SSL Server Certificate on fresh NGS == | ||
Below steps describe how to install an SSL Server Certificate on a fresh NGS. This tutorial cannot be used to replace an SSL Server Certificate. | |||
Verify certificate file. | Copy both the .crt and .key file to the home folder of user root. | ||
Verify the certificate file only contains the server certificate. A certificate bundle can't be used. | |||
<pre># vi server_certificate_file.crt | |||
</pre> | |||
Only one certificate section should be visible. | |||
Stop the nGeniusONE server process. | |||
<pre># pmbin | |||
# ./stop | |||
</pre> | |||
Step into the tools folder. | |||
<pre># cd ../tools | |||
# ./nscertutil.sh | |||
</pre> | |||
Now choose option 2 and follow the steps. You can use the server's hostname (without suffix) as alias. | |||
Start the nGeniusONE server process. | |||
<pre># pmbin | |||
# ./start | |||
</pre> | |||
As a final step remove the certificate file and key file from the system. | |||
<pre># rm server_certificate_file.crt | |||
# rm server_certificate_file.key | |||
</pre> | |||
== Replacing SSL Server Certificate on NGS == | |||
Below steps describe how to replace an SSL Server Certificate on NGS. This procedure applies to a certificate that is still valid. If the certificate has expired, this procedure can't be used. | |||
Copy both the .crt and .key file to the home folder of user root. | |||
Verify the certificate file only contains the server certificate. A certificate bundle can't be used. | |||
<pre># vi server_certificate_file.crt | |||
</pre> | |||
Only one certificate section should be visible. | |||
Verify the content of the certificate store. | |||
<pre># /opt/NetScout/jre64/bin/keytool -list -v -keystore /opt/NetScout/rtm/html/ngeniusclient.truststore | |||
</pre> | |||
Record the alias of the certificate that needs to be replaced. | |||
Stop the nGeniusONE server process. | |||
<pre># pmbin | |||
# ./stop | |||
</pre> | |||
Step into the tools folder. | |||
Now, remove the certificate using the alias. | |||
<pre># /opt/NetScout/jre64/bin/keytool -delete -alias <alias> -keystore /opt/NetScout/rtm/html/ngeniusclient.truststore | |||
</pre> | |||
Step into the tools folder. | |||
<pre># cd ../tools | |||
# ./nscertutil.sh | |||
</pre> | |||
Now choose option 2 and follow the steps. You can use the server's hostname (without suffix) as alias. | |||
Start the nGeniusONE server process. | |||
<pre># pmbin | |||
# ./start | |||
</pre> | |||
As a final step remove the certificate file and key file from the system. | |||
<pre># rm server_certificate_file.crt | |||
# rm server_certificate_file.key | |||
</pre> |
Latest revision as of 13:42, 5 December 2022
Installing SSL Server Certificate on fresh NGS
Below steps describe how to install an SSL Server Certificate on a fresh NGS. This tutorial cannot be used to replace an SSL Server Certificate.
Copy both the .crt and .key file to the home folder of user root.
Verify the certificate file only contains the server certificate. A certificate bundle can't be used.
# vi server_certificate_file.crt
Only one certificate section should be visible.
Stop the nGeniusONE server process.
# pmbin # ./stop
Step into the tools folder.
# cd ../tools # ./nscertutil.sh
Now choose option 2 and follow the steps. You can use the server's hostname (without suffix) as alias.
Start the nGeniusONE server process.
# pmbin # ./start
As a final step remove the certificate file and key file from the system.
# rm server_certificate_file.crt # rm server_certificate_file.key
Replacing SSL Server Certificate on NGS
Below steps describe how to replace an SSL Server Certificate on NGS. This procedure applies to a certificate that is still valid. If the certificate has expired, this procedure can't be used.
Copy both the .crt and .key file to the home folder of user root.
Verify the certificate file only contains the server certificate. A certificate bundle can't be used.
# vi server_certificate_file.crt
Only one certificate section should be visible.
Verify the content of the certificate store.
# /opt/NetScout/jre64/bin/keytool -list -v -keystore /opt/NetScout/rtm/html/ngeniusclient.truststore
Record the alias of the certificate that needs to be replaced.
Stop the nGeniusONE server process.
# pmbin # ./stop
Step into the tools folder.
Now, remove the certificate using the alias.
# /opt/NetScout/jre64/bin/keytool -delete -alias <alias> -keystore /opt/NetScout/rtm/html/ngeniusclient.truststore
Step into the tools folder.
# cd ../tools # ./nscertutil.sh
Now choose option 2 and follow the steps. You can use the server's hostname (without suffix) as alias.
Start the nGeniusONE server process.
# pmbin # ./start
As a final step remove the certificate file and key file from the system.
# rm server_certificate_file.crt # rm server_certificate_file.key