Hi All,
Is there any article how to update the Public ca certificate and server certificate for NW server console. I am not able to find any article for 11.1
Hi All,
Is there any article how to update the Public ca certificate and server certificate for NW server console. I am not able to find any article for 11.1
This is taken from the security config guide. I can confirm that this works perfectly.
1.Rename your certificate files and save them in for NGINX.
Rename the customer provided cert.pem certificate pem file to web-server-cert.pem.
Rename the customer provided key.pem key pem file to web-server-key.pem.
Rename customer provided cert.chain certificate chain file to web-server-cert.chain.
Rename cert.p7b certificate p7b file to web-server-cert.p7b.
2.SSH to the NW Server.
3.Replace the existing NetWitness Suite generated /etc/pki/nw/web/web-server-cert.pem, /etc/pki/nw/web/web-server-key.pem, /etc/pki/nw/web/web-server-cert.chain and /etc/pki/nw/web/web-server-cert.p7b files with the files you renamed in step 1.
4.Restart NGINX service.service nginx restart.
Hi Aaron & Sean,
Thanks for the steps, that would be much more useful., I was provided with with a certificate in .crt form which I can convert to .pem form
/etc/pki/nw/web/web-server-cert.pem-- this is for server certificate
/etc/pki/nw/web/web-server-key.pem, -Key for server certificate
/etc/pki/nw/web/web-server-cert.chain - Root & Intermediate certificate?
/etc/pki/nw/web/web-server-cert.p7b- what would this be?
Please clarify whether I am correct ? Also, would it be Okay, If I have no Key certificate?
You'll need the key. The p7b is a bundle contains the certificate and any chain certificates that exist. No key is included in this bundle.
And I must add that you should backup the /etc/pki/nw/web/ files before you replace them up.
If your organization has a certificate authority, you can probably show them these instructions and they should be able to get exactly what you need.
It might be an issue with the cert not being part of your OS's and/or browser's trusted certificate store. You can import your server cert and your CA cert and see if those help resolve this.
And fwiw, in my lab I have run through this process and Firefox shows everything Secure/Green, but Chrome does not.
We should include Subject Alternative Name into the certificate when we generate the same.
For Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate. The certificate subject alternative name can be a domain name or IP address.
We should include Subject Alternative Name into the certificate when we generate the same.
For Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate. The certificate subject alternative name can be a domain name or IP address.
This is taken from the security config guide. I can confirm that this works perfectly.
1.Rename your certificate files and save them in for NGINX.
Rename the customer provided cert.pem certificate pem file to web-server-cert.pem.
Rename the customer provided key.pem key pem file to web-server-key.pem.
Rename customer provided cert.chain certificate chain file to web-server-cert.chain.
Rename cert.p7b certificate p7b file to web-server-cert.p7b.
2.SSH to the NW Server.
3.Replace the existing NetWitness Suite generated /etc/pki/nw/web/web-server-cert.pem, /etc/pki/nw/web/web-server-key.pem, /etc/pki/nw/web/web-server-cert.chain and /etc/pki/nw/web/web-server-cert.p7b files with the files you renamed in step 1.
4.Restart NGINX service.service nginx restart.