There are times when you will need to install or update certificates on your server. Please see the general instructions below to complete this task. Please write firstname.lastname@example.org at anytime should you require assistance. You can also ask us in the community!
REQUIREMENTS: Access to the Indeni server with a username and password. You do not need a user with root access.
PLEASE NOTE: Indeni support cannot reset your ubuntu username and password. Please see these instructions for assistance.
GENERAL INSTRUCTIONS FOR VERSION 6.4 AND UP
Note: in the instructions below, the new certificate is called “ssl_wild_pkcs12.pfx” and the new passphrase is “secret”. Please replace these with the actual certificate name and passphrase.
Please upload the new certificate to /home/indeni on the Indeni server and then log into the Indeni server and run the following:
cd /usr/share/indeni-services cp /home/indeni/ssl_wild_pkcs12.pfx . chmod --reference=indeniserver.p12 ssl_wild_pkcs12.pfx cd /usr/share/indeni-services/vigile cp config.js config.js.org # edit the config file "vi config.js" or "nano config.js" # update the following two lines in the config.js file keystore: process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/indeniserver.p12”, passphrase: process.env.KEYSTORE_PASSPHRASE || “l530s8qLHy”, # to keystore: process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/ssl_wild_pkcs12.pfx”, passphrase: process.env.KEYSTORE_PASSPHRASE || “secret“, # save the file and exit cp config.js config.js.cert # restart the services sudo service indeni-vigile restart # refresh the browser used to access Indeni’s GUI and check the certificate
Note: the config.js file is overwritten by upgrades. Following an upgrade please log into the Indeni server and run the following:
cd /usr/share/indeni-services/vigile cp config.js.cert config.js # restart the services sudo service indeni-vigile restart # refresh the browser used to access Indeni’s GUI and check the certificate
How to Generate a CSR Certificate
Log into the Indeni server and via the CLI type the following:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Then enter the required information. More detail around this process can be found here.