Working with SSL Server Certificates: Difference between revisions
No edit summary |
No edit summary |
||
Line 46: | Line 46: | ||
Only one certificate section should be visible. | Only one certificate section should be visible. | ||
Verify the content of the certificate store. | |||
<pre># /opt/NetScout/jre64/bin/keytool -list -v -keystore /opt/NetScout/rtm/html/ngeniusclient.truststore | |||
</pre> | |||
| |
Revision as of 12:21, 2 December 2022
Installing SSL Server Certificate on fresh NGS
Below steps describe how to install an SSL Server Certificate on a fresh NGS. This tutorial cannot be used to replace an SSL Server Certificate.
Copy both the .crt and .key file to the home folder of user root.
Verify the certificate file only contains the server certificate. A certificate bundle can't be used.
# vi server_certificate_file.crt
Only one certificate section should be visible.
Stop the nGeniusONE server process.
# pmbin # ./stop
Step into the tools folder.
# cd ../tools # ./nscertutil.sh
Now choose option 2 and follow the steps. You can use the server's hostname (without suffix) as alias.
Start the nGeniusONE server process.
# pmbin # ./start
As a final step remove the certificate file and key file from the system.
# rm server_certificate_file.crt # rm server_certificate_file.key
Replacing SSL Server Certificate on NGS
Below steps describe how to replace an SSL Server Certificate on NGS. This procedure applies to a certificate that is still valid. If the certificate has expired, this procedure can't be used.
Copy both the .crt and .key file to the home folder of user root.
Verify the certificate file only contains the server certificate. A certificate bundle can't be used.
# vi server_certificate_file.crt
Only one certificate section should be visible.
Verify the content of the certificate store.
# /opt/NetScout/jre64/bin/keytool -list -v -keystore /opt/NetScout/rtm/html/ngeniusclient.truststore