Apply Server Certificates
There are times when you will need to install or update certificates on your server. Please see the general instructions below to complete this task. Should you require assistance, please send a request to support@indeni.com.
Note: in the instructions below, the new certificate is called “ssl_wild_pkcs12.pfx” and the new passphrase is “secret”. Please replace these with the actual certificate name and passphrase.
Please upload the new certificate to /home/indeni on the Indeni server and then log into the Indeni server
INSTRUCTIONS FOR VERSION 8.1 AND UP
Version 8.1 introduces a method for persisting the setting of the Indeni server’s web certificate settings.
Please perform the following:
# edit the new parameter file in order to create it (if it doesn't exist) vi /usr/share/indeni-services/vigile/ssl-config.json # Insert the following with the relevant certificate name and secret: { "keystore": "/usr/share/indeni-services/ssl_wild_pkcs12.pfx", "passphrase": "secret" } # Save the file and exit # copy the acl settings from the default certificate sudo chmod --reference=indeniserver.p12 ssl_wild_pkcs12.pfx # restart the vigile service sudo service indeni-vigile restart # refresh the browser used to access Indeni’s GUI and check the certificate
INSTRUCTIONS FOR VERSION PRIOR TO 8.0
Please perform the following:
cd /usr/share/indeni-services cp /home/indeni/ssl_wild_pkcs12.pfx . chmod --reference=indeniserver.p12 ssl_wild_pkcs12.pfx cd /usr/share/indeni-services/vigile cp config.js config.js.org # edit the config file "vi config.js" or "nano config.js" # update the following two lines in the config.js file keystore: process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/indeniserver.p12”, passphrase: process.env.KEYSTORE_PASSPHRASE || “l530s8qLHy”, # to keystore: process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/ssl_wild_pkcs12.pfx”, passphrase: process.env.KEYSTORE_PASSPHRASE || “secret“, # save the file and exit cp config.js config.js.cert # restart the services sudo service indeni-vigile restart # refresh the browser used to access Indeni’s GUI and check the certificate
Note: the config.js file is overwritten by upgrades. Following an upgrade please log into the Indeni server and run the following:
cd /usr/share/indeni-services/vigile cp config.js.cert config.js # restart the services sudo service indeni-vigile restart # refresh the browser used to access Indeni’s GUI and check the certificate
How to Generate a CSR Certificate
Log into the Indeni server and via the CLI type the following:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Then enter the required information. More detail around this process can be found here.