Apply Server Certificates

There are times when you will need to install or update certificates on your server. Please see the general instructions below to complete this task. Please write support@indeni.com at anytime should you require assistance. You can also ask us in the community!

REQUIREMENTS: Access to the Indeni server with a username and password. You do not need a user with root access.

PLEASE NOTE: Indeni support cannot reset your ubuntu username and password. Please see these instructions for assistance.

GENERAL INSTRUCTIONS FOR VERSION 6.4 AND UP

Note: in the instructions below, the new certificate is called “ssl_wild_pkcs12.pfx” and the new passphrase is “secret”. Please replace these with the actual certificate name and passphrase.

Please upload the new certificate to /home/indeni on the Indeni server and then log into the Indeni server and run the following:


cd /usr/share/indeni-services
cp /home/indeni/ssl_wild_pkcs12.pfx . 
chmod --reference=indeniserver.p12 ssl_wild_pkcs12.pfx 
cd /usr/share/indeni-services/vigile 
cp config.js config.js.org
# edit the config file
"vi config.js" or "nano config.js"
# update the following two lines in the config.js file
keystore: process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/indeniserver.p12”,
passphrase: process.env.KEYSTORE_PASSPHRASE || “l530s8qLHy”,
# to keystore:
process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/ssl_wild_pkcs12.pfx”,
passphrase: process.env.KEYSTORE_PASSPHRASE || “secret“,
# save the file and exit
cp config.js config.js.cert
# restart the services
sudo service indeni-vigile restart
# refresh the browser used to access Indeni’s GUI and check the certificate

Note: the config.js file is overwritten by upgrades. Following an upgrade please log into the Indeni server and run the following:

cd /usr/share/indeni-services/vigile
cp config.js.cert config.js
# restart the services
sudo service indeni-vigile restart
# refresh the browser used to access Indeni’s GUI and check the certificate

 

How to Generate a CSR Certificate

Log into the Indeni server and via the CLI type the following:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Then enter the required information. More detail around this process can be found here.