Apply Server Certificates

There are times when you will need to install or update certificates on your server. Please see the general instructions below to complete this task. Should you require assistance, please send a request to  [email protected].


Note: in the instructions below, the new certificate is called “ssl_wild_pkcs12.pfx” and the new passphrase is “secret”. Please replace these with the actual certificate name and passphrase.

Please upload the new certificate to /home/indeni on the Indeni server and then log into the Indeni server

INSTRUCTIONS FOR VERSION 8.1 AND UP

Version 8.1 introduces a method for persisting the setting of the Indeni server’s web certificate settings.

Please perform the following:

# edit the new parameter file in order to create it (if it doesn't exist)
vi /usr/share/indeni-services/vigile/ssl-config.json
# Insert the following with the relevant certificate name and secret:
{
  "keystore": "/usr/share/indeni-services/ssl_wild_pkcs12.pfx",
  "passphrase": "secret"
}
# Save the file and exit

# copy the acl settings from the default certificate
sudo chmod --reference=indeniserver.p12 ssl_wild_pkcs12.pfx

# restart the vigile service
sudo service indeni-vigile restart
# refresh the browser used to access Indeni’s GUI and check the certificate

INSTRUCTIONS FOR VERSION PRIOR TO 8.0

Please perform the following:


cd /usr/share/indeni-services
cp /home/indeni/ssl_wild_pkcs12.pfx . 
chmod --reference=indeniserver.p12 ssl_wild_pkcs12.pfx 
cd /usr/share/indeni-services/vigile 
cp config.js config.js.org
# edit the config file
"vi config.js" or "nano config.js"
# update the following two lines in the config.js file
keystore: process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/indeniserver.p12”,
passphrase: process.env.KEYSTORE_PASSPHRASE || “l530s8qLHy”,
# to keystore:
process.env.INDENI_KEYSTORE || “/usr/share/indeni-services/ssl_wild_pkcs12.pfx”,
passphrase: process.env.KEYSTORE_PASSPHRASE || “secret“,
# save the file and exit
cp config.js config.js.cert
# restart the services
sudo service indeni-vigile restart
# refresh the browser used to access Indeni’s GUI and check the certificate

Note: the config.js file is overwritten by upgrades. Following an upgrade please log into the Indeni server and run the following:

cd /usr/share/indeni-services/vigile
cp config.js.cert config.js
# restart the services
sudo service indeni-vigile restart
# refresh the browser used to access Indeni’s GUI and check the certificate 

 

How to Generate a CSR Certificate

Log into the Indeni server and via the CLI type the following:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Then enter the required information. More detail around this process can be found here.