Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 536.4K On-Premises Infrastructure
- 138.3K Analytics Software
- 38.6K Application Development Software
- 5.8K Cloud Platform
- 109.5K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
Need a new cert for SGD
Hello guys i want to renew or that is replace the current cert for SGD. I have tried importing it and then using tarantella security certuse and restarted tarantella but the valid from and to still won't change.
When i type tarantella security certinfo i get the info of the new cert that i imported.
What i want to do is when i import the new certificate. It changes the valid from...
How i did it so far. Got the CSR file in .pem format and put it in /opt/tarantella/var/tsp/ then i did the tarantella security certuse and gave link to cert. After that restarted tarantella.
Any idea what i missed?
Answers
-
Hi,
Assuming that you use an official certificate, not self-signed.
For the installation of the new certificate, you need three things:
· The certificate (.cer or .crt)
· The private key (.key)
· The (custom) intermediate CA certificate (.pem)
Copy these three files to the /opt/tarantella/var/tsp/ folder.
# ./tarantella stop
Install certificate and private key:
# ./tarantella security certuse --certfile /opt/tarantella/var/tsp/certificate.crt --keyfile /opt/tarantella/var/tsp/private.key
A key file already exists for this server.
Are you sure you want to overwrite it? [no] yes
…
…
…
Key and certificate are compatible.
A certificate is already installed for this server.
Are you sure you want to overwrite it? [no] yes
IMPORTANT: Your certificate information HAS NOT BEEN COPIED.
DO NOT delete or move the certificate information.
Create (if needed) and install custom CA:
Open Notepad (or something else) and paste the content of the CA certificates like this:
-----BEGIN CERTIFICATE-----
...
Intermediate CA's certificate
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
CA root certificate
...
./tarantella security customca --rootfile /opt/tarantella/var/tsp/custca.pem
chown ttasys custca.pem
This part should be done automatically after the installation, but for some unknown I always get an error. So, I do this manually.
chgrp ttaserv custca.pem
chown ttasys certificate.crt
chgrp ttaserv certificate.crt
chown ttasys private.key
chgrp ttaserv private.key
If not already present, add this line the httpd.conf:
SSLCertificateChainFile /opt/tarantella/var/tsp/custca.pem
# ./tarantella start
Afterwards go to a website like: https://www.sslshopper.com, and check if the certificate is correct.
If the installation is correctly, you should see all green checkmarks.
Good luck and regards,
Michael
