Article Content
Article Number | 000034485 |
Applies To | RSA Product Set: RSA Security Analytics RSA Product/Service Type: Warehouse Platform: Centos O/S Version: EL6 |
Issue | Using an external certificate to start web server on SAW Node. |
Tasks | Assuming a certificate has been issued by an external CA for the SAW node web server and the below files have been collected: ca.pem : The PEM format CA Certificate Chain mycert.pem : The PEM format HTTPS Server Certificate mykey.pem : The PEM format Private Key for the HTTPS Server |
Resolution | SSH to the SAW Node and follow the below steps: Step 1: Create the Certificate Chain cat mycert.pem ca.pem > mycertchain.pem Step 2: Create a PKCS12 Keystore using chain and private key openssl pkcs12 -export -in mycertchain.pem -inkey mykey.pem -out saw.p12 -name saw -CAfile ca.pem -caname sawca Step 3: Merge the Keystore so that the Certificate and Key is imported into SSL Keystore keytool -importkeystore -srckeystore saw.p12 -destkeystore /opt/mapr/conf/ssl_keystore -srcstoretype PKCS12 -deststoretype JKS Step 4: Restart Web Server /opt/mapr/adminuiapp/webserver stop Step 5: Check with Open SSL openssl s_client -connect localhost:8443 |