
SSL Certificate Replacement: Converting PFX file into Base64/PEM Certificate and Private key

Product: Stratusphere FIT/UX

Product Version: All

Expires on: 365 days from publish date

Updated: June 4, 2020

 

Problem:

The main document for replacing SSL certificates (linked here) shows how to create a CSR and private key on the hub and request a matching base64/PEM format certificate using that CSR.  This article covers the case where your security team created the certificate without using that CSR, or gave you the certificate in PFX format.

Possible resolution:

Use WinSCP to copy the PFX file to /home/friend/ on the hub as the friend user.  On AWS, the user is ec2-user rather than friend (replace friend with ec2-user in the commands below as well).

Then connect to the hub with PuTTY as the friend user and run su - to switch to the root user.

Export the certificate file from the PFX file by running this command in the PuTTY session (replace YOURCERTNAME):
openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -clcerts -nokeys -out /home/friend/ssl.crt.new

Export the private key file from the pfx file:
openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -nocerts -nodes -out /home/friend/ssl.key.new

Backup working cert and key:
cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.backup
cp /etc/lwl/ssl/ssl.key /etc/lwl/ssl/ssl.key.backup

Move in new cert and key:
cp /home/friend/ssl.crt.new /etc/lwl/ssl/ssl.crt
cp /home/friend/ssl.key.new /etc/lwl/ssl/ssl.key

Update ownership, permissions, security context:
chown root:root /etc/lwl/ssl/ssl.crt
chmod 644 /etc/lwl/ssl/ssl.crt
chmod 640 /etc/lwl/ssl/ssl.key
restorecon -r /etc/lwl/ssl

Restart the Web Server to load the newly added SSL Certificate.
On versions up to 6.1.1, use the following command:
/etc/init.d/httpd restart
On versions 6.1.3 and higher, use the following command:
/etc/init.d/lwl-httpd24 restart

Check that httpd is running:
/etc/init.d/lwl-httpd24 status

If httpd restarted successfully after the cert was replaced, the Stratusphere WebUI should be accessible.  Check that your browser shows the correct certificate.
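
A pre-install check for the two exported files, added here as an example and not part of the original article: run after the two exports and before the copy step, it confirms that the certificate is readable and unexpired, that the key has no passphrase, and that the key belongs to the certificate. The function names and the throwaway test PFX are assumptions made for the example.

```bash
#!/bin/bash
# Added example: sanity-check the two PFX exports before they replace
# /etc/lwl/ssl/ssl.crt and ssl.key. Helper names are assumptions.

# True only if the certificate's public key equals the one derived from the key file.
cert_key_match() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

preflight_pair() {
    local cert=$1 key=$2
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "FAIL: certificate unreadable or already expired"; return 1; }
    openssl pkey -in "$key" -noout -passin pass: >/dev/null 2>&1 \
        || { echo "FAIL: key unreadable or still passphrase-protected"; return 1; }
    cert_key_match "$cert" "$key" \
        || { echo "FAIL: private key does not belong to this certificate"; return 1; }
    echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed sample: a throwaway self-signed PFX, exported with the article's
# two commands (-passin added only so the demo runs without a prompt).
make_sample() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=hub.example.test" \
        -keyout "$d/src.key" -out "$d/src.crt" 2>/dev/null
    openssl pkcs12 -export -in "$d/src.crt" -inkey "$d/src.key" \
        -passout pass:constructed -out "$d/sample.pfx"
    openssl pkcs12 -in "$d/sample.pfx" -passin pass:constructed \
        -clcerts -nokeys -out "$d/ssl.crt.new" 2>/dev/null
    openssl pkcs12 -in "$d/sample.pfx" -passin pass:constructed \
        -nocerts -nodes -out "$d/ssl.key.new" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key, negative case
}

demo() {
    local d; d=$(mktemp -d) || return 1
    make_sample "$d"
    preflight_pair "$d/ssl.crt.new" "$d/ssl.key.new"   # matching pair
    preflight_pair "$d/ssl.crt.new" "$d/other.key"     # wrong key is rejected
    rm -rf "$d"
}
demo
```

On the hub the call would be preflight_pair /home/friend/ssl.crt.new /home/friend/ssl.key.new. Because -nodes writes the private key unencrypted, remove ssl.key.new and the PFX from /home/friend once the WebUI shows the new certificate.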
