Administration Tasks Not Performed in the Web Manager : Replacing the Self-Signed Certificate With an SSL Certificate for HTTPS

Replacing the Self-Signed Certificate With an SSL Certificate for HTTPS
As described in HTTPS on the OnBoard Appliance, an OnBoard appliance administrator needs to replace the automatically-generated self signed certificate with an SSL certificate from an official certificate authority. The root user can follow the instructions in the following procedure to generate a certificate signing request; after obtaining the certificate from the CA, the root user then needs to install the public key and the certificate in the Apache web server on the OnBoard appliance.
To replace the self-signed certificate with one from a certificate authority:
1.
2.
Use openssl with the req parameter to create a private key and a public CSR (certificate signing request).
Use the command line shown in the following screen example.
[root@OnBoard /]# openssl req -new -nodes -keyout private.key -out \ public.csr
The utility prompts for information. The required information is shown in the following table. Any other requested information is not required.
Common Name (e.g., your name or your server’s hostname) []:
The generated request automatically includes the public key.
3.
After receiving the certificate from the CA, do the remaining steps.
4.
[root@OnBoard /] cat private.key-/etc/httpd/conf/ssl.key/server.key
5.
The following screen example uses cert.crt as the name of the certificate file from the CA, Substitute the correct name for your file.
[root@OnBoard /] cat cert.cert-/etc/httpd/conf/ssl.crt/server.crt
NOTE: By default, the /etc/httpd/conf/ssl.key/server.key and /etc/httpd/conf/ssl.crt/server.crt files are listed in
/etc/config_files so they can be automatically saved in the Flash memory whenever the saveconf command is run or the administrative user saves the configuration files using the Save button on the Mgmt-Backup/restore screen.
6.
Run the saveconf command to save the configuration in Flash.
7.
[root@OnBoard /] daemon.sh restart APACHE