Installation guide

Appendix 4: Using a Custom SSL Certificate
SecurityCenter ships with its own default SSL certificate; however, in many cases it is desirable to obtain a custom SSL
certificate for enhanced security.
In the example below, two certificate files were received from the CA: “host.crt” and “host.key”. These
file names will vary depending on the CA used.
The custom certificate email address must not be “SecurityCenter@SecurityCenter”, or subsequent upgrades
will not retain the new certificate.
Use the steps below to upload a custom SSL certificate to your SecurityCenter:
1. Back up the current certificates that are located in the /opt/sc4/support/conf directory. These files are
named SecurityCenter.crt and SecurityCenter.key. In the example below, we are placing the files in
/tmp.
# cp /opt/sc4/support/conf/SecurityCenter.crt /tmp/SecurityCenter.crt.bak
# cp /opt/sc4/support/conf/SecurityCenter.key /tmp/SecurityCenter.key.bak
2. Copy the new certificates (e.g., host.crt and host.key) to the /opt/sc4/support/conf directory and
overwrite the current certificates. If prompted to overwrite, press “y”.
# cp host.crt /opt/sc4/support/conf/SecurityCenter.crt
# cp host.key /opt/sc4/support/conf/SecurityCenter.key
3. Make sure the files have the correct permissions (644) and ownership (tns) as follows:
# ls -l /opt/sc4/support/conf/SecurityCenter.crt
-rw-r--r-- 1 tns tns 4389 May 15 15:12 SecurityCenter.crt
# ls -l /opt/sc4/support/conf/SecurityCenter.key
-rw-r--r-- 1 tns tns 887 May 15 15:12 SecurityCenter.key
If an intermediate certificate is required, it must be copied to the system and given the correct permissions
(644) and ownership (tns). Additionally, the line in /opt/sc4/support/conf/vhostssl.conf that begins
with #SSLCertificateChainFile must have the “#” removed from the beginning of the line to enable the
setting. Modify the path and filename to match the certificate that was uploaded.
4. Restart the SecurityCenter services:
# service SecurityCenter restart
5. Browse to SecurityCenter using SSL (e.g., https://192.168.1.5). When prompted to confirm the SSL certificate,
verify the new certificate details.
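
A pre-install check for the procedure above, as an added example that is not part of the original guide or the vendor's tooling: before the files are overwritten in step 2, it confirms that the certificate and key belong together, that the certificate email address is not the default one, and that the certificate has not expired. The function names and the sample subject are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not vendor code): pre-install checks for a custom cert/key pair.

# check_pair CRT KEY: prints "ok" or the first failed check; returns 0 only on "ok".
check_pair() {
    crt=$1; key=$2
    # Both files must parse. The empty -passin makes an encrypted key fail
    # here instead of prompting for a passphrase.
    openssl x509 -in "$crt" -noout 2>/dev/null || { echo "bad certificate"; return 1; }
    openssl pkey -in "$key" -noout -passin pass: 2>/dev/null || { echo "bad key"; return 1; }
    # The public key inside the certificate must equal the one derived from
    # the private key; compare SHA-256 digests of the DER encodings.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey |
              openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$crt_pub" = "$key_pub" ] || { echo "key mismatch"; return 1; }
    # The guide warns that a certificate carrying the default email address
    # is not retained by subsequent upgrades.
    if openssl x509 -in "$crt" -noout -email | grep -qix 'SecurityCenter@SecurityCenter'; then
        echo "default email"; return 1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || { echo "expired"; return 1; }
    echo "ok"
}

# make_sample_pair DIR EMAIL: constructed test input, a throwaway self-signed
# pair written to DIR/host.crt and DIR/host.key (hypothetical subject name).
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=host.example/emailAddress=$2" \
        -keyout "$1/host.key" -out "$1/host.crt" 2>/dev/null
}

# Stand-alone use: pass the certificate and key paths as two arguments.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```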