You are here

Replace the SSL Certificate for the Configuration Center

Affects version(s): 
4.2 (until 4.2.5.1)
4.1-11.xx

Since Airlock 4.2.6 the server certificate for the Configuration Center can be easily changed within the Configuration Center. Install the required certificate as usual for virtual hosts. Then switch to "System Setup" > "Nodes" and select the appropriate certificate under "Management Settings" on the Configuration Center. You want to get rid of your browsers certificate warning when accessing the Configuration Center?

This article explains how to replace the self-signed certificate with your own SSL certifiacte. All you need is a valid SSL server certificate and a fully installed Airlock. The SSL Certificate can either be self-signed or signed by a public certificate authority.

The server certificate and private key for the Configuration Center are stored in these files:

/opt/slt/ses/apache-ca/conf/ssl.crt
/opt/slt/ses/apache-ca/conf/ssl.key
To change your certificate do the following steps:

  • Open an secure shell to Airlock, login as user root and perform the following steps:
    # cd /opt/slt/ses/apache-ca/conf/ssl.crt
    # cp server.crt server.crt.org
    # cp cert_chain.crt cert_chain.crt.org
    # cd /opt/slt/ses/apache-ca/conf/ssl.key
    # cp server.key server.key.org

    Stop the Configuration Center Apache Server:
    # svcadm disable svc:/site/slt_apache_ca:default
  • Copy your new certificate (and any intermediate CA certificates) to /opt/slt/ses/apache-ca/conf/ssl.crt using SCP.
  • Copy your new corresponding private key file to /opt/slt/ses/apache-ca/conf/ssl.key using SCP.
  • Open an secure shell to Airlock, login as user root and perform the following steps:
    # cd /opt/slt/ses/apache-ca/conf
    # chown wwwca_in:wwwca ssl.crt/server.crt
    # chown wwwca_in:wwwca ssl.key/server.key
    # chmod 040 ssl.crt/server.crt
    # chmod 040 ssl.key/server.key
  • Restart Apache responsible for the Configuration Center:# svcadm enable svc:/site/slt_apache_ca:default
  • Now restart your browser and verify the certificate. Congratulations!
Knowledge Base Categories: