![]() ![]() Use a certificate file as the server certificate and any intermediate or chained certificates. Select in the box to browse for the file.Ī private key file must be encoded as a PKCS #8 file. Drag and drop a private key, certificate file, or a keystore file.Select the Update Server Certificate button.To replace the server private key and server certificate: For more information, see Update ClientĬertificate Trust Mode window and Update Server Certificate Trust Mode window. Server trust modes are configured to trust the new certificate. ExtremeCloud IQ - Site Engine clients and other serversĬertificates using the client certificate trust mode and server certificate trust mode settings.īefore updating the ExtremeCloud IQ - Site Engine server certificate, be sure that the client and Whenever the ExtremeCloud IQ - Site Engine server certificate is changed, other ExtremeCloud IQ - Site Engine componentsĬan be affected by the change and stop trusting the server. The following steps assume you generated a replacement server Openssl pkcs8 -topk8 -in -out server-pkcs8.key -nocrypt The server.key file can be copied and converted on either engine.) (OpenSSL is available on ExtremeCloud IQ - Site Engine and ExtremeControl engines. Use the following OpenSSL command where is the original non‑PKCS #8 formatted key file to convert your key file to a PKCS #8 format. ExtremeCloud IQ - Site Engine also accepts PKCS#12 keystore files, which can contain both a private key and certificates. Individual files, in a bundle file, or in the same file as the serverĬertificate. ![]() Use the intermediateĬertificates in whatever format the CA provides them: in If your certificate authority (CA) provides additional intermediateĬertificates, provide those as well. "browser-friendly" certificates, the server certificate should identify theĮxtremeCloud IQ - Site Engine server by its fully qualified host name. Generate the server certificate using the RSA or DSA server private key Generating a Server Private Key and Server Certificate.Other software tools can be used to perform these tasks, To Your Path in the Secure Communication Help topic. Īfter downloading and installing OpenSSL, add the OpenSSL tool to your path OpenSSL is available on theĮxtremeCloud IQ - Site Engine engine or can be downloaded from. Some instructions in this Help topic use OpenSSL software to perform certain tasks. You need a server private key and server certificate to perform the You can also use a "browser-friendly" certificate so that usersĭon't see browser certificate warnings when they access web pages. Which ExtremeCloud IQ - Site Engine must communicate. While these provide secure communication, you can update to aĬertificate provided from an external certificate authority, orĪdd certificates in order to meet the requirements of external components with \keytool -import -keystore PATHtoCACERTS -trustcacerts -alias APP-file "C:\temp\APP.cer"īe sure to change PATHtoCACERTS to the proper JAVA security\lib\cacerts as defined in the LiveContentSSO.xml and update the XXXX to the proper Alias.Follow these instructions to change the server key and certificate generated during installation in ExtremeCloud IQ - Site Engine. \keytool –delete –keystore PATHtoCACERTS –alias XXXX ![]() \keytool -list -keystore PATHtoCACERTS -v -storepass changeit Then use keytool -import to add back the alias with the updated certificate.Įxample commands from the JAVA BIN folder in a DOS command prompt as administrator: Then use keytool -delete to remove the prior alias. Use keytool -list to export the keystore into something readable and find the alias of the expired original certificate. Java also provides the Keytool command for manually doing the steps.įor each APP or Batch server that may have been updated export out the certificate as a CER file. Use a tool like "keystore explorer" for a visual of what is in the keystore and easier options to delete or add to it. The Live ContentGroupsSSO.xml file may contain a path to a version of JAVA and the CACERTS file. Update the PFX file with the latest or modify the configuration to use a new keystoreFile path. KeystoreFile="E:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\wkcssv1602.pfx" If you have your PFX file for the machine cert in the tomcat setup then check the connector port and update the file it points too.Open the server.xml and find the connector for port used by tomcat and find the keystore file argument. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |