Placing Signed SSL Certificates on the Appliances

Overview

Note: This document applies to Stratusphere version 6.6.1. For instructions on how to place signed SSL certificates on appliances using Stratusphere 6.6.0-2 and earlier versions, refer to the 6.6.0-2 or earlier versions of this document.

This document provides instructions on how to place signed SSL certificates on the Stratusphere Hub, Database, and Collector appliances. Apart from getting rid of the alarming warning each time the Stratusphere Hub Web UI is accessed, placing a signed SSL certificate provides verifiable identification and security compliance to administrators and users accessing the Stratusphere Web UI.

If you are using a version of Stratusphere Hub, Database, and Collector older than 5.6.0, upgrade to the latest version or contact Support@Liquidware.com for additional information to upgrade.

Preparation

  1. Procure any change controls required to make changes to the production Stratusphere Hub & Database appliances.
  2. Acquire credentials of the console users as per the platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, azureuser on Azure, and root users to access the console of the Stratusphere Hub, Database, and Collector appliances.
  3. Procure access to the local console of the Stratusphere Hub, Database, and Collector Appliances depending on the hypervisor on which the Hub is housed. Alternatively, an SSH client such as Windows 10 Command Prompt or PuTTY can also be used to access the console of the Hub, Database, and Collector provided SSH (TCP/22) access is allowed to the appliances.
  4. Download and install your favorite SCP client such as WinSCP or FileZilla or similar to download certificate requests and upload the SSL Certificate files.
  5. Be aware that you will need to start the initial steps to prepare the SSL certificate request, pause in the middle of the instructions as you submit the request to the Certifying Authority (CA), and then receive your certificate. This may take minutes, hours, or even days depending on your CA. You will then use the new certificate to complete the process.

Scenarios

  1. Ad Hoc: Import and Install a PFX Certificate
  2. Traditional: Generate a Request, Import & Install an SSL certificate.

Scenario 1: Ad Hoc: Import and Install a PFX Certificate

This scenario applies when the IT or Security department created a certificate without using a request generated by a Stratusphere appliance. It walks the user through the steps to import the certificate, apply the right permissions, and then install it in the appropriate locations.

Instructions for the Stratusphere Hub & Collector Appliances

  1. Use your favorite SCP client, such as WinSCP, to upload the PFX file to /home/<username>/ (replace <username> with friend/ec2-user/azureuser) on the Hub or Collector using credentials for the <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure.
  2. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in using the credentials for <username> and run sudo bash to change to root user. When prompted, enter the password for your <username>.
  3. Export the certificate from the PFX file by running the following command on the command line (replace <username> as appropriate along with the PFX file name YOURCERTNAME):
    openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -clcerts -nokeys -out /home/<username>/ssl.crt.new
  4. Export the private key file from the PFX file:
    openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -nocerts -nodes -out /home/<username>/ssl.key.new
  5. Remove the passphrase from the private key (if needed):
    openssl rsa -in /home/<username>/ssl.key.new -out /home/<username>/ssl.key.new
  6. Back up the working or existing certificate and key:
    cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.backup
    cp /etc/lwl/ssl/ssl.key /etc/lwl/ssl/ssl.key.backup
  7. Copy the new certificate and key into the same location:
    cp /home/<username>/ssl.crt.new /etc/lwl/ssl/ssl.crt
    cp /home/<username>/ssl.key.new /etc/lwl/ssl/ssl.key
  8. Update ownership, permissions, and the security context of the certificate and key:
    chown root:root /etc/lwl/ssl/ssl.crt
    chmod 644 /etc/lwl/ssl/ssl.crt
    chmod 640 /etc/lwl/ssl/ssl.key
    restorecon -RF /etc/lwl/ssl
  9. Restart the Web Server to load the newly added SSL Certificate.
    1. On versions up to 6.1.1, use the following command:
      /etc/init.d/httpd restart
    2. On versions 6.1.3, 6.1.4, use the following command:
      /etc/init.d/lwl-httpd24 restart
    3. On versions 6.5.0 and higher, use the following command:
      systemctl restart httpd
  10. Check that httpd is running:
    1. On versions up to 6.1.1, use the following command:
      /etc/init.d/httpd status
    2. On versions 6.1.3, 6.1.4, use the following command:
      /etc/init.d/lwl-httpd24 status
    3. On versions 6.5.0 and higher, use the following command:
      systemctl status httpd
  11. If httpd restarted successfully after the cert was replaced, the Stratusphere Web UI should be accessible. Check that your browser shows the correct certificate.

Instructions for the Stratusphere Database Appliances

  1. Use your favorite SCP client, such as WinSCP, to upload the PFX file to /home/<username>/ (replace <username> with friend/ec2-user/azureuser) on the Database using credentials for the <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure.
  2. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in using the credentials for <username> and run sudo bash to change to root user. When prompted, enter the password for your <username>.
  3. Export the certificate from the PFX file by running the following command on the command line (replace <username> as appropriate along with the PFX file name YOURCERTNAME):
    openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -clcerts -nokeys -out /home/<username>/server.crt.new
  4. Export the private key file from the PFX file:
    openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -nocerts -nodes -out /home/<username>/server.key.new
  5. Remove the passphrase from the private key (if needed):
    openssl rsa -in /home/<username>/server.key.new -out /home/<username>/server.key.new
  6. Back up the working or existing certificate and key:
    cp /var/lib/pgsql/current/data/server.crt /var/lib/pgsql/current/data/server.crt.backup
    cp /var/lib/pgsql/current/data/server.key /var/lib/pgsql/current/data/server.key.backup
  7. Copy the new certificate and key into the same location:
    cp /home/<username>/server.crt.new /var/lib/pgsql/current/data/server.crt
    cp /home/<username>/server.key.new /var/lib/pgsql/current/data/server.key
  8. Update ownership, permissions, and the security context of the certificate and key:
    chown postgres:postgres /var/lib/pgsql/current/data/server.crt
    chmod 400 /var/lib/pgsql/current/data/server.crt
    chown postgres:postgres /var/lib/pgsql/current/data/server.key
    chmod 400 /var/lib/pgsql/current/data/server.key
  9. Restart the Postgres Database Server to load the newly added SSL Certificate.
    1. On versions prior to 6.5.0, use the following command:
      /etc/init.d/postgresql<PRESS-TAB-KEY> restart
    2. On versions 6.5.0 and higher, use the following command:
      systemctl restart postgresql-12
  10. Check whether the Postgres Database Server is running:
    1. On versions prior to 6.5.0, use the following command:
      /etc/init.d/postgresql-<PRESS-TAB-KEY> status
    2. On versions 6.5.0 and higher, use the following command:
      systemctl status postgresql-12
  11. If the postgresql-12 service restarted successfully, then the new certificate was accepted.

Scenario 2: Traditional: Generate a Request, Import, and Install an SSL Certificate

In this scenario, Stratusphere administrators will execute a script which prompts the end user for relevant inputs to create a certificate request. After entering information for the generation of the certificate request, the end user must download the certificate request file, send it to the Certifying Authority (CA) to receive the certificate back, and then place it back on the appliance to install it.

Instructions for the Stratusphere Hub Appliance

  1. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in to the Stratusphere Hub appliance console using the credentials for <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure. The default password is sspassword.
  2. Switch to the root user by executing the sudo bash command. When prompted, enter the password for your <username>.
  3. Execute the following command to begin the process of collecting details for the certificate request:
    /opt/lwl/bin/createcsr.sh
  4. The script will prompt for the following items (press Enter to accept defaults within […]):
    1. Country Name (2 letter code) [US]:
    2. State of Province Name (full name) [Georgia]:
    3. Locality Name (e.g., city) [Alpharetta]:
    4. Organization Name (e.g., company) [Liquidware, Inc.]:
    5. Common Name (e.g., server FQDN or YOUR name) [lwl]: hub.domain.com
    6. Alternative DNS names (comma separated list) [lwl]: hub1.domain.com, hub2.domain.com
  5. The script will then generate the request and display its location:
      Generating request...
      Request can be found here: /var/tmp/lwlreq.VhyY.csr.  Contents are:
      This file can be copied off or the contents pasted to obtain a certificate
  6. The certificate request is generated in the following location with a .csr extension:
    /var/tmp/<certrequest>.csr
  7. Enter the following to change ownership of the file so that it is accessible using the <username> on the platform (e.g., friend or ec2-user or azureuser user).
    chown friend:friend /var/tmp/<certrequest>.csr
  8. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to download this certificate request from the /var/tmp/<certrequest>.csr file to your local desktop.
  9. Provide this certificate request file to your security provider or Certifying Authority and request that they provide the SSL Certificate specifically in base64 / PEM format. For these instructions, we will call the SSL Certificate file sslcert.crt. When you see references to sslcert.crt in this document, you should substitute the actual name of the SSL Certificate file you received from your security provider or Certifying Authority.
  10. Important: Pause here until you receive your SSL certificate from your provider, then complete the process using the following instructions.
  11. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to upload the sslcert.crt SSL Certificate file to your Stratusphere Hub or Collector in the /home/friend/sslcert.crt location.
  12. Now back within your SSH client window on the Stratusphere Hub console, while still logged in as the root user, make a copy of the original SSL certificate as a backup:
    cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.orig
  13. Place the new certificate in place of the original and modify the file permissions as follows:
    mv /home/friend/sslcert.crt /etc/lwl/ssl/ssl.crt
    chown root:root /etc/lwl/ssl/ssl.crt
    chmod 644 /etc/lwl/ssl/ssl.crt
    restorecon -RF /etc/lwl/ssl
  14. Restart the Web Server to load the newly added SSL Certificate.
    systemctl restart httpd
  15. If the above command restarts with no errors, the new certificate has been accepted by the web server. Using your browser of choice, log in to the Stratusphere Hub Web UI. Ensure that the UI Login page is displayed with no certificate-related warning. Also verify the certificate information shown in the browser address bar.

Instructions for the Stratusphere Database Appliance

  1. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in to the Stratusphere Database appliance local console using the credentials for <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure. The default password is sspassword.
  2. Switch to the root user by executing the sudo bash command. When prompted, enter the password for your <username>.
  3. Execute the following command to begin the process of collecting details for the certificate request:
    /opt/lwl/bin/createcsr.sh
  4. The script will prompt for the following items (press Enter to accept defaults within […]):
    1. Country Name (2 letter code) [US]:
    2. State of Province Name (full name) [Georgia]:
    3. Locality Name (e.g., city) [Alpharetta]:
    4. Organization Name (e.g., company) [Liquidware, Inc.]:
    5. Common Name (e.g., server FQDN or YOUR name) [lwl]: db.domain.com
    6. Alternative DNS names (comma separated list) [lwl]: db1.domain.com, db2.domain.com
  5. The script will then generate the request and display its location:
      Generating request...
      Request can be found here: /var/tmp/lwlreq.VhyY.csr.  Contents are:
      This file can be copied off or the contents pasted to obtain a certificate
  6. The certificate request is generated in the following location with a .csr extension:
    /var/tmp/<certrequest>.csr
  7. Enter the following to change ownership of the file so that it is accessible using the <username> on the platform (e.g., friend or ec2-user or azureuser user).
    chown friend:friend /var/tmp/<certrequest>.csr
  8. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to download this certificate request from the /var/tmp/<certrequest>.csr file to your local desktop.
  9. Provide this certificate request file to your security provider or Certifying Authority and request that they provide the SSL Certificate specifically in base64 / PEM format. For these instructions, we will call the SSL Certificate file dbsslcert.crt. When you see references to server.crt in this document, you should substitute the actual name of the SSL Certificate file you received from your security provider or Certifying Authority.
  10. Important: Pause here until you receive your SSL certificate from your provider, then complete the process using the following instructions.
  11. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to upload the server.crt SSL Certificate file to your Stratusphere Hub in the /home/friend/server.crt location.
  12. Now back within your SSH client window on the Stratusphere Database local console, while still logged in as the root user, make a copy of the original SSL certificate as a backup:
    cp /var/lib/pgsql/current/data/server.crt /var/lib/pgsql/current/data/server.crt.orig
  13. Place the new certificate in place of the original and modify the file permissions as follows:
    mv /home/friend/server.crt /var/lib/pgsql/current/data/server.crt
    chown postgres:postgres /var/lib/pgsql/current/data/server.crt
    chmod 644 /var/lib/pgsql/current/data/server.crt
  14. Restart the database server to load the newly added SSL Certificate:
    systemctl restart postgresql-12
  15. If the postgresql service starts without displaying any errors, then the new certificate has been accepted.

Instructions for the Stratusphere Collector Appliance

  1. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in to the Stratusphere Collector appliance console using the credentials for <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure. The default password is sspassword.
  2. Switch to the root user by executing the sudo bash command. When prompted, enter the password for your <username>.
  3. Execute the following command to begin the process of collecting details for the certificate request:
    /opt/lwl/bin/createcsr.sh
  4. The script will prompt for the following items (press Enter to accept defaults within […]):
    1. Country Name (2 letter code) [US]:
    2. State of Province Name (full name) [Georgia]:
    3. Locality Name (e.g., city) [Alpharetta]:
    4. Organization Name (e.g., company) [Liquidware, Inc.]:
    5. Common Name (e.g., server FQDN or YOUR name) [lwl]: col.domain.com
    6. Alternative DNS names (comma separated list) [lwl]: col1.domain.com, col2.domain.com
  5. The script will then generate the request and display its location:
      Generating request...
      Request can be found here: /var/tmp/lwlreq.VhyY.csr.  Contents are:
      This file can be copied off or the contents pasted to obtain a certificate
  6. The certificate request is generated in the following location with a .csr extension:
    /var/tmp/<certrequest>.csr
  7. Enter the following to change ownership of the file so that it is accessible using the <username> on the platform (e.g., friend or ec2-user or azureuser user).
    chown friend:friend /var/tmp/<certrequest>.csr
  8. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to download this certificate request from the /var/tmp/<certrequest>.csr file to your local desktop.
  9. Provide this certificate request file to your security provider or Certifying Authority and request that they provide the SSL Certificate specifically in base64 / PEM format. For these instructions, we will call the SSL Certificate file sslcert.crt. When you see references to sslcert.crt in this document, you should substitute the actual name of the SSL Certificate file you received from your security provider or Certifying Authority.
  10. Important: Pause here until you receive your SSL certificate from your provider, then complete the process using the following instructions.
  11. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to upload the sslcert.crt SSL Certificate file to your Stratusphere Collector in the /home/friend/sslcert.crt location.
  12. Now back within your SSH client window on the Stratusphere Collector local console, while still logged in as the root user, make a copy of the original SSL certificate as a backup:
    cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.orig
  13. Place the new certificate in place of the original and modify the file permissions as follows:
    mv /home/friend/sslcert.crt /etc/lwl/ssl/ssl.crt
    chown root:root /etc/lwl/ssl/ssl.crt
    chmod 644 /etc/lwl/ssl/ssl.crt
    restorecon -RF /etc/lwl/ssl
  14. Restart the Web Server to load the newly added SSL Certificate.
    systemctl restart httpd
  15. If the above command restarts with no errors, the new certificate has been accepted by the web server.
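
A pre-install check for both scenarios, added here as an example and not part of the Liquidware documentation or scripts: it confirms that a staged certificate pairs with the exported private key (Scenario 1) or with the request that was submitted to the CA (Scenario 2), has enough validity left, and covers the host name clients will use, before the live files are overwritten and the service is restarted. The function names and the 30-day default are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Liquidware code. Function names are this example's own.

# Print the SHA-256 of the DER-encoded public key found in a PEM file.
#   $1 = cert | key | csr    $2 = path to the file
pubkey_fp() {
    case "$1" in
        cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        # "-passin pass:" makes a passphrase-protected key fail instead of prompting
        key)  _pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1 ;;
        csr)  _pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$_pem" ] || return 1
    printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 when both files carry the same public key.
#   $1/$2 = kind and path of the first file, $3/$4 = kind and path of the second
same_pubkey() {
    _a=$(pubkey_fp "$1" "$2") || return 1
    _b=$(pubkey_fp "$3" "$4") || return 1
    [ "$_a" = "$_b" ]
}

# Pre-install check: one line per finding, non-zero exit status on any failure.
#   $1 = new certificate      $2 = private key it must pair with
#   $3 = host name in use     $4 = minimum remaining validity in days (default 30)
preflight() {
    _rc=0
    if same_pubkey cert "$1" key "$2"; then
        echo "OK   certificate and key match"
    else
        echo "FAIL certificate does not match key (or key still has a passphrase)"; _rc=1
    fi
    if openssl x509 -in "$1" -noout -checkend "$(( ${4:-30} * 86400 ))" >/dev/null 2>&1; then
        echo "OK   valid for at least ${4:-30} more days"
    else
        echo "FAIL expires within ${4:-30} days, or cannot be read"; _rc=1
    fi
    if openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null | grep -q 'does match'; then
        echo "OK   certificate covers $3"
    else
        echo "FAIL certificate does not cover $3"; _rc=1
    fi
    return "$_rc"
}

# Scenario 1, on the files exported from the PFX, before the backup and copy steps:
#   preflight /home/<username>/ssl.crt.new /home/<username>/ssl.key.new hub.domain.com
# Scenario 2, on the certificate returned by the CA against the generated request:
#   same_pubkey cert /home/friend/sslcert.crt csr /var/tmp/<certrequest>.csr
```

A failed match at this point means the web or database service would not load the new certificate after the restart, so the existing files should be left in place until the mismatch is resolved.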