Product: Stratusphere FIT/UX
Product Version: All
Expires on: 365 days from publish date
Updated: June 4, 2020
The main document for replacing SSL certificates (linked here) shows you how to create a CSR and private key on the hub and request a matching base64/PEM format certificate using that CSR. Your security team created the certificate without using the CSR or may have given you the certificate in PFX format.
WinSCP the pfx file to /home/friend/ on the hub as friend user. If AWS, it would be ec2-user rather than friend (you'll need to replace friend with ec2-user for the below commands as well).
Then putty into your hub as friend user and run su - to change to root user.
Export the certificate file from the pfx file by running this command in putty (replace YOURCERTNAME):
openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -clcerts -nokeys -out /home/friend/ssl.crt.new
Export the private key file from the pfx file:
openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -nocerts -nodes -out /home/friend/ssl.key.new
Backup working cert and key:
cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.backup
cp /etc/lwl/ssl/ssl.key /etc/lwl/ssl/ssl.key.backup
Move in new cert and key:
cp /home/friend/ssl.crt.new /etc/lwl/ssl/ssl.crt
cp /home/friend/ssl.key.new /etc/lwl/ssl/ssl.key
Update ownership, permissions, security context:
chown root:root /etc/lwl/ssl/ssl.crt
chmod 644 /etc/lwl/ssl/ssl.crt
chmod 640 /etc/lwl/ssl/ssl.key
restorecon –r /etc/lwl/ssl
Restart the Web Server to load the newly added SSL Certificate.
On versions up to 6.1.1, use the following command:
On versions 6.1.3 and higher, use the following command:
Check that httpd is running:
If httpd restarted successfully after the cert was replaced, the Stratusphere WebUI should be accessible. Check that your browser shows the correct certificate.