08-18-2015 08:39 AM
Hi,
i want to install an signed certificate from our internal CA. How can i create a CSR from PCP so i am able to request a certificate from my CA?
Kind Regards,
Robert
Solved! Go to Solution.
08-18-2015 04:18 PM
Robert,
This is what I understand to be the process:
1. Generate private key
To generate the server private key:
/opt/cupm/httpd/bin/openssl genrsa -des3 -out server.key 2048
2. To generate the csr:
/opt/cupm/httpd/bin/openssl req -new -key server.key -out server.csr
3. Give this csr to generate the certificate - -this will be .crt file.
4. Then follow these steps after you have followed the third party CA Procedure
Upload the third party cert
A. If using a PCP 10.6 or later revision, use the Administration/Updates UI to load the cert.
B. If using an older PCP revision do the following:
- Copy the third party certificate and key file to /opt/cupm/httpd folder.
- Edit the following line in ssl.conf file using vi (located in /opt/cupm/httpd/conf) as follows:
SSLCertificateFile /opt/cupm/httpd/<your_own_cert_file>.crt
SSLCertificateKeyFile /opt/cupm/httpd/<your_own_key_file>.key
- Save the changes and close the file.
5. Restart the Apache server by using the following commands:
/opt/cupm/httpd/bin#./apachectl -k stop
/opt/cupm/httpd/bin# ./apachectl -k start -DSSL
vi commands:
Regards
08-18-2015 10:27 AM
It should be the same process as for 10.5, if not, simply look for this guide on 11.x
08-18-2015 11:45 AM
I tried this on our 11.0 PCP, but no luck. The guide is talking about Assurance. This is the Provisioning Manager we're looking at.
Thanks,
08-18-2015 04:18 PM
Robert,
This is what I understand to be the process:
1. Generate private key
To generate the server private key:
/opt/cupm/httpd/bin/openssl genrsa -des3 -out server.key 2048
2. To generate the csr:
/opt/cupm/httpd/bin/openssl req -new -key server.key -out server.csr
3. Give this csr to generate the certificate - -this will be .crt file.
4. Then follow these steps after you have followed the third party CA Procedure
Upload the third party cert
A. If using a PCP 10.6 or later revision, use the Administration/Updates UI to load the cert.
B. If using an older PCP revision do the following:
- Copy the third party certificate and key file to /opt/cupm/httpd folder.
- Edit the following line in ssl.conf file using vi (located in /opt/cupm/httpd/conf) as follows:
SSLCertificateFile /opt/cupm/httpd/<your_own_cert_file>.crt
SSLCertificateKeyFile /opt/cupm/httpd/<your_own_key_file>.key
- Save the changes and close the file.
5. Restart the Apache server by using the following commands:
/opt/cupm/httpd/bin#./apachectl -k stop
/opt/cupm/httpd/bin# ./apachectl -k start -DSSL
vi commands:
Regards
08-19-2015 02:38 AM
Hi Anthony,
thanks for your tip. Altough i am using version 11.0 bullet point 4.A did not work for me. I had to do it as bullet point 4.B describes it.
Thanks for your help.
Kind Regards,
Robert
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: