This site is currently read-only as we are migrating to Oracle Forums for an improved community experience. You will not be able to initiate activity until January 30th, when you will be able to use this site as normal.

    Forum Stats

  • 3,889,981 Users
  • 2,269,775 Discussions
  • 7,916,823 Comments

Discussions

Need a new cert for SGD

User_0N0IW
User_0N0IW Member Posts: 1 Green Ribbon
edited Nov 16, 2021 4:13PM in Secure Global Desktop

Hello guys i want to renew or that is replace the current cert for SGD. I have tried importing it and then using tarantella security certuse and restarted tarantella but the valid from and to still won't change.

When i type tarantella security certinfo i get the info of the new cert that i imported.

What i want to do is when i import the new certificate. It changes the valid from...

How i did it so far. Got the CSR file in .pem format and put it in /opt/tarantella/var/tsp/ then i did the tarantella security certuse and gave link to cert. After that restarted tarantella.

Any idea what i missed?

Answers

  • mvlonden
    mvlonden Member Posts: 20 Blue Ribbon

    Hi,

    Assuming that you use an official certificate, not self-signed.

    For the installation of the new certificate, you need three things:

    ·        The certificate (.cer or .crt)

    ·        The private key (.key)

    ·        The (custom) intermediate CA certificate (.pem)

     

    Copy these three files to the /opt/tarantella/var/tsp/ folder.

     

    # ./tarantella stop

    Install certificate and private key:

    # ./tarantella security certuse --certfile /opt/tarantella/var/tsp/certificate.crt --keyfile /opt/tarantella/var/tsp/private.key

    A key file already exists for this server.

    Are you sure you want to overwrite it? [no] yes

    Key and certificate are compatible.

    A certificate is already installed for this server.

    Are you sure you want to overwrite it? [no] yes

    IMPORTANT: Your certificate information HAS NOT BEEN COPIED.

              DO NOT delete or move the certificate information.

     

    Create (if needed) and install custom CA:

    Open Notepad (or something else) and paste the content of the CA certificates like this:

     

    -----BEGIN CERTIFICATE-----

    ...

    Intermediate CA's certificate

    ...

    -----END CERTIFICATE-----

     

    -----BEGIN CERTIFICATE-----

    ...

    CA root certificate

    ...

     

    ./tarantella security customca --rootfile /opt/tarantella/var/tsp/custca.pem

    chown ttasys custca.pem

    This part should be done automatically after the installation, but for some unknown I always get an error. So, I do this manually.

     

    chgrp ttaserv custca.pem

    chown ttasys certificate.crt

    chgrp ttaserv certificate.crt

    chown ttasys private.key

    chgrp ttaserv private.key

     

    If not already present, add this line the httpd.conf:

     

    SSLCertificateChainFile /opt/tarantella/var/tsp/custca.pem

    # ./tarantella start

     

    Afterwards go to a website like: https://www.sslshopper.com, and check if the certificate is correct.

    If the installation is correctly, you should see all green checkmarks.

     

    Good luck and regards,

    Michael