000034485 - RSA Security Analytics: How to start SAW node Web Server using a certificate generated by an external CA

Document created by RSA Customer Support Employee on Jan 2, 2017. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000034485
Applies To

RSA Product Set: RSA Security Analytics
RSA Product/Service Type: Warehouse 
Platform: CentOS
O/S Version: EL6
Issue
 

Using an external certificate to start the web server on the SAW node.
Tasks

This procedure assumes that a certificate has been issued by an external CA for the SAW node web server and that the following files have been collected:
ca.pem: the CA certificate chain, in PEM format
mycert.pem: the HTTPS server certificate, in PEM format
mykey.pem: the private key for the HTTPS server, in PEM format
 
Resolution

SSH to the SAW node and follow the steps below:
Step 1: Create the Certificate Chain

 

cat mycert.pem ca.pem > mycertchain.pem

Step 2: Create a PKCS12 keystore using the chain and the private key
 

openssl pkcs12 -export -in mycertchain.pem -inkey mykey.pem -out saw.p12 -name saw -CAfile ca.pem -caname sawca


Step 3: Merge the keystore so that the certificate and key are imported into the SSL keystore
 

keytool -importkeystore -srckeystore saw.p12 -destkeystore /opt/mapr/conf/ssl_keystore -srcstoretype PKCS12 -deststoretype JKS

 

Step 4: Restart Web Server
 

/opt/mapr/adminuiapp/webserver stop
/opt/mapr/adminuiapp/webserver start


Step 5: Check with OpenSSL
 

openssl s_client -connect localhost:8443
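
The following checks are an added example, not part of the original article or of any RSA or MapR tooling. They go beyond the steps above by confirming, before Step 2, that mykey.pem belongs to mycert.pem, that mycertchain.pem has the server certificate first, and that the certificate verifies against ca.pem, and, after Step 4, that the listener serves the imported certificate. The function names are hypothetical, the key is assumed to be unencrypted, and make_demo_pki builds constructed throwaway files for a dry run.

```shell
#!/bin/sh
# Added example: sanity checks around Steps 1-5. File names are the article's;
# the function names are illustrative, not part of any RSA or MapR tooling.

# The private key must belong to the server certificate (compare public keys).
# Assumes an unencrypted key; an encrypted one would need its passphrase.
key_matches_cert() {    # usage: key_matches_cert mycert.pem mykey.pem
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# SHA-256 fingerprint of the first certificate in a PEM file.
fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null; }

# Step 1 must put the server certificate first, ahead of the CA chain.
chain_leaf_first() {    # usage: chain_leaf_first mycertchain.pem mycert.pem
    a=$(fp "$1") && b=$(fp "$2") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# The server certificate must verify against the supplied CA chain.
cert_chains_to_ca() {   # usage: cert_chains_to_ca ca.pem mycert.pem
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# After Step 4: the listener should present the certificate that was imported.
served_cert_matches() { # usage: served_cert_matches localhost:8443 mycert.pem
    s=$(openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ -n "$s" ] && [ "$s" = "$(fp "$2")" ]
}

# Constructed throwaway CA and server certificate for a dry run in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/cakey.pem" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=saw.example.test" \
        -keyout "$1/mykey.pem" -out "$1/my.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/my.csr" -CA "$1/ca.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 1 -out "$1/mycert.pem" 2>/dev/null
}
```

Each function returns 0 when the check passes, so a call such as key_matches_cert mycert.pem mykey.pem can gate Step 2 in a script.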
