Forum Stats

  • 3,854,312 Users
  • 2,264,351 Discussions


Need a new cert for SGD

User_0N0IW Member Posts: 1 Green Ribbon
edited Nov 16, 2021 4:13PM in Secure Global Desktop

Hello guys i want to renew or that is replace the current cert for SGD. I have tried importing it and then using tarantella security certuse and restarted tarantella but the valid from and to still won't change.

When i type tarantella security certinfo i get the info of the new cert that i imported.

What i want to do is when i import the new certificate. It changes the valid from...

How i did it so far. Got the CSR file in .pem format and put it in /opt/tarantella/var/tsp/ then i did the tarantella security certuse and gave link to cert. After that restarted tarantella.

Any idea what i missed?


  • mvlonden
    mvlonden Member Posts: 20 Blue Ribbon


    Assuming that you use an official certificate, not self-signed.

    For the installation of the new certificate, you need three things:

    ·        The certificate (.cer or .crt)

    ·        The private key (.key)

    ·        The (custom) intermediate CA certificate (.pem)


    Copy these three files to the /opt/tarantella/var/tsp/ folder.


    # ./tarantella stop

    Install certificate and private key:

    # ./tarantella security certuse --certfile /opt/tarantella/var/tsp/certificate.crt --keyfile /opt/tarantella/var/tsp/private.key

    A key file already exists for this server.

    Are you sure you want to overwrite it? [no] yes

    Key and certificate are compatible.

    A certificate is already installed for this server.

    Are you sure you want to overwrite it? [no] yes

    IMPORTANT: Your certificate information HAS NOT BEEN COPIED.

              DO NOT delete or move the certificate information.


    Create (if needed) and install custom CA:

    Open Notepad (or something else) and paste the content of the CA certificates like this:




    Intermediate CA's certificate


    -----END CERTIFICATE-----




    CA root certificate



    ./tarantella security customca --rootfile /opt/tarantella/var/tsp/custca.pem

    chown ttasys custca.pem

    This part should be done automatically after the installation, but for some unknown I always get an error. So, I do this manually.


    chgrp ttaserv custca.pem

    chown ttasys certificate.crt

    chgrp ttaserv certificate.crt

    chown ttasys private.key

    chgrp ttaserv private.key


    If not already present, add this line the httpd.conf:


    SSLCertificateChainFile /opt/tarantella/var/tsp/custca.pem

    # ./tarantella start


    Afterwards go to a website like:, and check if the certificate is correct.

    If the installation is correctly, you should see all green checkmarks.


    Good luck and regards,