Need a new cert for SGD

User_0N0IW Member Posts: 1 Green Ribbon
edited Nov 16, 2021 4:13PM in Secure Global Desktop

Hello guys, I want to renew, or that is, replace the current cert for SGD. I have tried importing it and then using tarantella security certuse and restarted tarantella, but the valid from and to still won't change.

When I type tarantella security certinfo I get the info of the new cert that I imported.

What I want is that when I import the new certificate, it changes the valid from...

How I did it so far: I got the CSR file in .pem format and put it in /opt/tarantella/var/tsp/, then I did the tarantella security certuse and gave the link to the cert. After that I restarted tarantella.

Any idea what I missed?

Answers

  • mvlonden
    mvlonden Member Posts: 20 Blue Ribbon

    Hi,

    Assuming that you use an official certificate, not self-signed.

    For the installation of the new certificate, you need three things:

    • The certificate (.cer or .crt)
    • The private key (.key)
    • The (custom) intermediate CA certificate (.pem)


    Copy these three files to the /opt/tarantella/var/tsp/ folder.

     

    # ./tarantella stop

    Install certificate and private key:

    # ./tarantella security certuse --certfile /opt/tarantella/var/tsp/certificate.crt --keyfile /opt/tarantella/var/tsp/private.key

    A key file already exists for this server.

    Are you sure you want to overwrite it? [no] yes

    Key and certificate are compatible.

    A certificate is already installed for this server.

    Are you sure you want to overwrite it? [no] yes

    IMPORTANT: Your certificate information HAS NOT BEEN COPIED.

              DO NOT delete or move the certificate information.

     

    Create (if needed) and install custom CA:

    Open Notepad (or something else) and paste the content of the CA certificates like this:

     

    -----BEGIN CERTIFICATE-----

    ...

    Intermediate CA's certificate

    ...

    -----END CERTIFICATE-----

     

    -----BEGIN CERTIFICATE-----

    ...

    CA root certificate

    ...

    -----END CERTIFICATE-----


    ./tarantella security customca --rootfile /opt/tarantella/var/tsp/custca.pem

    chown ttasys custca.pem

    This part should be done automatically after the installation, but for some unknown reason I always get an error. So, I do this manually.

     

    chgrp ttaserv custca.pem

    chown ttasys certificate.crt

    chgrp ttaserv certificate.crt

    chown ttasys private.key

    chgrp ttaserv private.key

     

    If not already present, add this line to the httpd.conf:

     

    SSLCertificateChainFile /opt/tarantella/var/tsp/custca.pem

    # ./tarantella start

     

    Afterwards go to a website like: https://www.sslshopper.com, and check if the certificate is correct.

    If the installation is correct, you should see all green checkmarks.

     

    Good luck and regards,

    Michael
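
A pre-flight check for the three files named in the answer above, added here as an example and not part of the original posts: it confirms that the CA bundle has complete PEM blocks, that the private key belongs to the certificate, and that the certificate verifies against the bundle, then prints the validity dates of the file about to be installed. The function names and the generated demo files are assumptions of this example; it needs only the openssl CLI and an unencrypted private key.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks with the openssl CLI.

pem_blocks_balanced() {  # every BEGIN CERTIFICATE line needs a matching END line
  b=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
  e=$(grep -c -e '-----END CERTIFICATE-----' "$1" 2>/dev/null || true)
  [ "${b:-0}" -gt 0 ] && [ "$b" -eq "${e:-0}" ]
}

key_matches_cert() {  # $1 = certificate, $2 = unencrypted private key
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

chain_verifies() {  # $1 = certificate, $2 = bundle; also checks validity dates
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

preflight() {  # $1 = certificate, $2 = private key, $3 = CA bundle
  pem_blocks_balanced "$3" || { echo "FAIL: incomplete PEM block in $3"; return 1; }
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match $1"; return 1; }
  chain_verifies "$1" "$3" || { echo "FAIL: $1 does not verify against $3"; return 1; }
  # Subject, valid from / valid to and fingerprint of the file about to be installed
  openssl x509 -in "$1" -noout -subject -dates -fingerprint -sha256
}

make_demo_pki() {  # constructed sample data: root CA -> intermediate CA -> server
  d=$1; printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int private; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 30 -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 30 -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/private.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -out "$d/certificate.crt" 2>/dev/null
  cat "$d/int.pem" "$d/root.pem" > "$d/custca.pem"
}

if [ "$#" -eq 3 ]; then preflight "$@"; else
  d=$(mktemp -d); make_demo_pki "$d"
  preflight "$d/certificate.crt" "$d/private.key" "$d/custca.pem"; rm -rf "$d"
fi
```

Run it with the certificate, key and bundle paths as three arguments; with no arguments it exercises the checks on the constructed demo files. The dates it prints can be compared with the output of tarantella security certinfo after the install.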