Placing Signed SSL Certificates on the Appliances

Overview

Note: This document applies to Stratusphere version 6.6.1. For instructions on how to place signed SSL certificates on appliances using Stratusphere 6.6.0-2 and earlier versions, refer to the 6.6.0-2 or earlier versions of this document.

This document provides instructions on how to place signed SSL certificates on the Stratusphere Hub, Database, and Collector appliances. Apart from getting rid of the alarming warning each time the Stratusphere Hub Web UI is accessed, placing a signed SSL certificate provides verifiable identification and security compliance to administrator & users accessing the Web UI of Stratusphere.

If you are using a version of Stratusphere Hub, Database, and Collector older than 5.6.0, upgrade to the latest version or contact Support@Liquidware.com for additional information to upgrade.

Preparation

1. Procure any change controls required to make changes to the production Stratusphere Hub & Database appliances.
2. Acquire credentials of the console users as per the platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, azureuser on Azure, and root users to access the console of the Stratusphere Hub, Database, and Collector appliances.
3. Procure access to the local console of the Stratusphere Hub, Database, and Collector Appliances depending on the hypervisor on which the Hub is housed. Alternatively, an SCP client such as Windows 10 Command Prompt and PuTTY can also be used to access the console of the Hub, Database, and Collector provided SSH (TCP/22) access is allowed to the appliances.
4. Download and install your favorite SCP client such as WinSCP or FileZilla or similar to download certificate requests and upload the SSL Certificate files.
5. Be aware that you will need to start the initial steps to prepare the SSL certificate request, pause in the middle of the instructions as you submit the request to the Certifying Authority (CA), and then receive your certificate. This may take minutes, hours, or even days depending on your CA. You will then use the new certificate to complete the process.

Scenarios

1. Ad Hoc: Import and Install a PFX Certificate
2. Traditional: Generate a Request, Import & Install an SSL certificate.

Scenario 1: Ad Hoc: Import and Install a PFX Certificate

This scenario applies when the IT or Security department created a certificate without using a request generated by a Stratusphere appliance. It walks the user through the steps to import the certificate, apply the right permissions, and then install it in the appropriate locations.

Instructions for the Stratusphere Hub & Collector Appliances

1. Use your favorite SCP client, such as WinSCP, to upload the PFX file to /home/<username>/ (replace <username> with friend/ec2-user/azureuser) on the Hub or Collector using credentials for the <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure.
2. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in using the credentials for <username> and run sudo bash to change to root user. When prompted, enter the password for your <username>.
3. Export the certificate from the PFX file by running the following command on the command line (replace <username> as appropriate along with the OFX file name YOURCERTNAME):
4. Copy

   openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -clcerts -nokeys -out /home/<username>/ssl.crt.new

4. Export the private key file from the PFX file:
5. Copy

   openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -nocerts -nodes -out /home/<username>/ssl.key.new

5. Remove the passphrase from the private key (if needed):
6. Copy

   openssl rsa -in /home/<username>/ssl.key.new -out /home/<username>/ssl.key.new

6. Back up the working or existing certificate and key:
7. Copy

   cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.backup
   cp /etc/lwl/ssl/ssl.key /etc/lwl/ssl/ssl.key.backup

7. Copy the new certificate and key into the same location:
8. Copy

   cp /home/<username>/ssl.crt.new /etc/lwl/ssl/ssl.crt
   cp /home/<username>/ssl.key.new /etc/lwl/ssl/ssl.key

8. Update ownership, permissions, and the security context of the certificate and key:
9. Copy

   chown root:root /etc/lwl/ssl/ssl.crt
   chmod 644 /etc/lwl/ssl/ssl.crt
   chmod 640 /etc/lwl/ssl/ssl.key
   restorecon -RF /etc/lwl/ssl

9. Restart the Web Server to load the newly added SSL Certificate.
10. On versions up to 6.1.1, use the following command:
11. Copy

    /etc/init.d/httpd restart

12. On versions 6.1.3, 6.1.4, use the following command:
13. Copy

    /etc/init.d/lwl-httpd24 restart

14. On versions 6.5.0 and higher, use the following command:
15. Copy

    systemctl restart httpd

10. Check that httpd is running:
11. On versions up to 6.1.1, use the following command:
12. Copy

    /etc/init.d/httpd status

13. On versions 6.1.3, 6.1.4, use the following command:
14. Copy

    /etc/init.d/lwl-httpd24 status

15. On versions 6.5.0 and higher, use the following command:
16. Copy

    systemctl status httpd

11. If httpd restarted successfully after the cert was replaced, the Stratusphere Web UI should be accessible. Check that your browser shows the correct certificate.

Instructions for the Stratusphere Database Appliances

1. Use your favorite SCP client, such as WinSCP, to upload the PFX file to /home/<username>/ (replace <username> with friend/ec2-user/azureuser) on the Database using credentials for the <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure.
2. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in using the credentials for <username> and run sudo bash to change to root user. When prompted, enter the password for your <username>.
3. Export the certificate from the PFX file by running the following command on the command line (replace <username> as appropriate along with the OFX file name YOURCERTNAME):
4. Copy

   openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -clcerts -nokeys -out /home/<username>/server.crt.new

4. Export the private key file from the PFX file:
5. Copy

   openssl pkcs12 -in /home/<username>/YOURCERTNAME.pfx -nocerts -nodes -out /home/<username>/server.key.new

5. Remove the passphrase from the private key (if needed):
6. Copy

   openssl rsa -in /home/<username>/server.key.new -out /home/<username>/server.key.new

6. Back up the working or existing certificate and key:
7. Copy

   cp /var/lib/pgsql/current/data/server.crt /var/lib/pgsql/current/data/server.crt.backup
   cp / var/lib/pgsql/current/data/server.key / var/lib/pgsql/current/data/server.key.backup

7. Copy the new certificate and key into the same location:
8. Copy

   cp /home/<username>/server.crt.new / var/lib/pgsql/current/data/server.crt
   cp /home/<username>/server.key.new / var/lib/pgsql/current/data/server.key

8. Update ownership, permissions, and the security context of the certificate and key:
9. Copy

   chown postgres:postgres / var/lib/pgsql/current/data/server.crt
   chmod 400 / var/lib/pgsql/current/data/server.crt
   chown postgres:postgres / var/lib/pgsql/current/data/server.key
   chmod 400 / var/lib/pgsql/current/data/server.key

9. Restart the Postgres Database Server to load the newly added SSL Certificate.
10. On versions prior to 6.5.0, use the following command:
11. Copy

    /etc/init.d/postgresql<PRESS-TAB-KEY> restart

12. On versions 6.5.0 and higher, use the following command:
13. Copy

    systemctl restart postgresql-12

10. Check whether the Postgres Database Server is running:
11. On versions prior to 6.5.0, use the following command:
12. Copy

    /etc/init.d/postgresql-<PRESS-TAB-KEY> status

13. On versions 6.5.0 and higher, use the following command:
14. Copy

    systemctl status postgresql-12

15. If postgresql-12 service restarted successfully, then new certificate was accepted.

Scenario 2: Traditional: Generate a Request, Import, and Install an SSL Certificate

In this scenario, Stratusphere administrators will execute a script which prompts the end user for relevant inputs to create a certificate request. After entering information for the generation of the certificate request, the end user must download the certificate request file, send it to the Certifying Authority (CA) to receive the certificate back, and then place it back on the appliance to install it.

Instructions for the Stratusphere Hub Appliance

1. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in to the Stratusphere Hub appliance console using the credentials for <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure. The default password is sspassword.
2. Switch to the root user by executing the sudo bash command. When prompted, enter the password for your <username>.
3. Execute the following command to begin the process of collecting details for the certificate request:
4. Copy

   /opt/lwl/bin/createcsr.sh

4. The script will prompt for the following items (press Enter to accept defaults within […]):
   1. Country Name (2 letter code) [US]:
   2. State of Province Name (full name) [Georgia]:
   3. Locality Name (e.g., city) [Alpharetta]:
   4. Organization Name (e.g., company) [Liquidware, Inc.]:
   5. Common Name (e.g., server FQDN or YOUR name) [lwl]: hub.domain.com
   6. Alternative DNS names (comma separated list) [lwl]: hub1.domain.com, hub2.domain.com
   7. The script will then generate the request and display the location where it is located:
   8. Copy

      Generating request...
      Request can be found here: /var/tmp/lwlreq.VhyY.csr.  Contents are:
      -----BEGIN CERTIFICATE REQUEST-----
      MIIC1DCCAbwCAQAwXTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExEzAR
      BgNVBAcMCkFscGhhcmV0dGExGTAXBgNVBAoMEExpcXVpZHdhcmUsIEluYy4xDDAK
      BgNVBAMMA2x3bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANnK3M6H
      PBcTfyvMJKVy+T0bNC28c6iKESTAeiWiYUK73MFld9UKX1XIELesxJapFZfpbVaG
      qt0uXnK4cgyGdsLuWjsDTP66BHRsclBnWwNt93RJAttqblML7ug7xQPdoHTE7TH7
      J3YrCkGcJsHT1laxgZlHaJzIt7QMmE81W3c0AFyLu82OOsIXrkGvoefi1G4HWxl9
      F6qUQ61YhMppJvv+LWI76bc05+DB/cpR7KqvX+r6fmwoEp0vlAD63xBgoTP/kZ1z
      e1v44hDZ8f2uIAAqURt6ZsYv64yq9Us6ev7JfJSGdU2NkfoNpeIPF09kq3wzgNHH
      y00LK08Bpdjnm8ECAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwHwYDVR0RBBgwFoIJ
      aG9zdG5hbWUxgglob3N0bmFtZTIwDQYJKoZIhvcNAQELBQADggEBAIt+0MN0h6/w
      rKfvy3PH3XtkJpgHjiK3HsjAFCjtn+RBGSFo/oSFXjPk77ECk5cZo7RRk1I+aGbO
      gCV9A8TmPcVV9JwBSpAY6+pu9Ss/HYd+MkfdBZ3rZWicL1D0LZzGuDiuLek4iHEu
      rqtmqfoz9oXD3wa//AY0DzYFa/h9Xo3m79St1owCOKowYL8W/KQMYKHJnV4YxlBO
      whseGnqR4GcnpyGbl7nJt1wVmXKgCABYYN5KvJbZ58UjJtCIYyn1mZxHbMvCzguU
      hkLU8FvF3ZB4+JSfWDJuHBySnLh5WLr9CBjXRgxG/MRj58oGv2G0PZz+pfPLCj2A
      buySxtt9h1A=
      -----END CERTIFICATE REQUEST-----
      This file can be copied off or the contents pasted to obtain a certificate

5. The certificate request is generated in the following location with a .csr extension:
6. Copy

   /var/tmp/<certrequest>.csr

6. Enter the following to change ownership of the file so that it is accessible using the <username> on the platform (e.g., friend or ec2-user or azureuser user).
7. Copy

   chown friend:friend /var/tmp/<certrequest>.csr

7. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to download this certificate request from /var/tmp/<certrequest>.csr file to your local desktop.
8. Provide this certificate request file to your security provider or Certifying Authority and request that they provide the SSL Certificate specifically in base64 / PEM format. For these instructions, we will call the SSL Certificate file sslcert.crt. When you see references to sslcert.crt in this document, you should substitute the actual name of the SSL Certificate file you received from your security provider or Certifying Authority.

9. Important: Pause here until you receive your SSL certificate from your provider, then complete the process using the following instructions.

9. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to upload the sslcert.crt SSL Certificate file to your Stratusphere Hub or Collector in the /home/friend/sslcert.crt location.
10. Now back within your SSH client window on the Stratusphere Hub console, while still logged in as the root user, make a copy the original SSL certificate as a backup:
11. Copy

    cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.orig

11. Place the new certificate in place of the original and modify the file permissions as follows:
12. Copy

    mv /home/friend/sslcert.crt /etc/lwl/ssl/ssl.crt
    chown root:root /etc/lwl/ssl/ssl.crt
    chmod 644 /etc/lwl/ssl/ssl.crt
    restorecon -RF /etc/lwl/ssl

12. Restart the Web Server to load the newly added SSL Certificate.
13. Copy

    systemctl restart httpd

13. If the above command restarts with no errors, the new certificate has been accepted by the web server. Using your browser of choice, log in to the Stratusphere Hub Web UI. Ensure that the UI Login page shows with no certificate related warning. Also verify the information within the certificate provided by the browser address bar.

Instructions for the Stratusphere Database Appliance

1. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in to the Stratusphere Database appliance local console using the credentials for <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure. The default password is sspassword.
2. Switch to the root user by executing the sudo bash command. When prompted, enter the password for your <username>.
3. Execute the following command to begin the process of collecting details for the certificate request:
4. Copy

   /opt/lwl/bin/createcsr.sh

4. The script will prompt for the following items (press Enter to accept defaults within […]):
   1. Country Name (2 letter code) [US]:
   2. State of Province Name (full name) [Georgia]:
   3. Locality Name (e.g., city) [Alpharetta]:
   4. Organization Name (e.g., company) [Liquidware, Inc.]:
   5. Common Name (e.g., server FQDN or YOUR name) [lwl]: db.domain.com
   6. Alternative DNS names (comma separated list) [lwl]: db1.domain.com, db2.domain.com
   7. The script will then generate the request and display the location where it is located:
   8. Copy

      Generating request...
      
      Request can be found here: /var/tmp/lwlreq.VhyY.csr.  Contents are:
      
      -----BEGIN CERTIFICATE REQUEST-----
      
      MIIC1DCCAbwCAQAwXTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExEzAR
      
      BgNVBAcMCkFscGhhcmV0dGExGTAXBgNVBAoMEExpcXVpZHdhcmUsIEluYy4xDDAK
      
      BgNVBAMMA2x3bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANnK3M6H
      
      PBcTfyvMJKVy+T0bNC28c6iKESTAeiWiYUK73MFld9UKX1XIELesxJapFZfpbVaG
      
      qt0uXnK4cgyGdsLuWjsDTP66BHRsclBnWwNt93RJAttqblML7ug7xQPdoHTE7TH7
      
      J3YrCkGcJsHT1laxgZlHaJzIt7QMmE81W3c0AFyLu82OOsIXrkGvoefi1G4HWxl9
      
      F6qUQ61YhMppJvv+LWI76bc05+DB/cpR7KqvX+r6fmwoEp0vlAD63xBgoTP/kZ1z
      
      e1v44hDZ8f2uIAAqURt6ZsYv64yq9Us6ev7JfJSGdU2NkfoNpeIPF09kq3wzgNHH
      
      y00LK08Bpdjnm8ECAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwHwYDVR0RBBgwFoIJ
      
      aG9zdG5hbWUxgglob3N0bmFtZTIwDQYJKoZIhvcNAQELBQADggEBAIt+0MN0h6/w
      
      rKfvy3PH3XtkJpgHjiK3HsjAFCjtn+RBGSFo/oSFXjPk77ECk5cZo7RRk1I+aGbO
      
      gCV9A8TmPcVV9JwBSpAY6+pu9Ss/HYd+MkfdBZ3rZWicL1D0LZzGuDiuLek4iHEu
      
      rqtmqfoz9oXD3wa//AY0DzYFa/h9Xo3m79St1owCOKowYL8W/KQMYKHJnV4YxlBO
      
      whseGnqR4GcnpyGbl7nJt1wVmXKgCABYYN5KvJbZ58UjJtCIYyn1mZxHbMvCzguU
      
      hkLU8FvF3ZB4+JSfWDJuHBySnLh5WLr9CBjXRgxG/MRj58oGv2G0PZz+pfPLCj2A
      
      buySxtt9h1A=
      
      -----END CERTIFICATE REQUEST-----
      
      This file can be copied off or the contents pasted to obtain a certificate

5. The certificate request is generated in the following location with a .csr extension:
6. Copy

   /var/tmp/<certrequest>.csr

6. Enter the following to change ownership of the file so that it is accessible using the <username> on the platform (e.g., friend or ec2-user or azureuser user).
7. Copy

   chown friend:friend /var/tmp/<certrequest>.csr

7. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to download this certificate request from the /var/tmp/<certrequest>.csr file to your local desktop.
8. Provide this certificate request file to your security provider or Certifying Authority and request that they provide the SSL Certificate specifically in base64 / PEM format. For these instructions, we will call the SSL Certificate file dbsslcert.crt. When you see references to server.crt in this document, you should substitute the actual name of the SSL Certificate file you received from your security provider or Certifying Authority.

9. Important: Pause here until you receive your SSL certificate from your provider, then complete the process using the following instructions.

9. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to upload the server.crt SSL Certificate file to your Stratusphere Hub in the /home/friend/server.crt location.
10. Now back within your SSH client window on the Stratusphere Datbase local console, while still logged in as the root user, make a copy the original SSL certificate as a backup:
11. Copy

    cp /var/lib/pgsql/current/data/server.crt /var/lib/pgsql/current/data/server.crt.orig

11. Place the new certificate in place of the original and modify the file permissions as follows:
12. Copy

    mv /home/friend/server.crt /var/lib/pgsql/current/data/server.crt
    chown postgres:postgres / var/lib/pgsql/current/data/server.crt
    chmod 644 / var/lib/pgsql/current/data/server.crt

12. Restart the database server to load the newly added SQL Certificate:
13. Copy

    systemctl restart postgresql-12

14. If the postgresql service starts without displaying any errors, then the new certificate has been accepted.

Instructions for the Stratusphere Collector Appliance

1. Use your favorite SSH client, such as Windows 10 Command Prompt or PuTTY, to connect and log in to the Stratusphere Collector appliance console using the credentials for <username> on your platform i.e., <username> as friend on VMware, Citrix, and Nutanix, ec2-user on AWS, and azureuser on Azure. The default password is sspassword.
2. Switch to the root user by executing the sudo bash command. When prompted, enter the password for your <username>.
3. Execute the following command to begin the process of collecting details for the certificate request:
4. Copy

   /opt/lwl/bin/createcsr.sh

4. The script will prompt for the following items (press Enter to accept defaults within […]):
   1. Country Name (2 letter code) [US]:
   2. State of Province Name (full name) [Georgia]:
   3. Locality Name (e.g., city) [Alpharetta]:
   4. Organization Name (e.g., company) [Liquidware, Inc.]:
   5. Common Name (e.g., server FQDN or YOUR name) [lwl]: col.domain.com
   6. Alternative DNS names (comma separated list) [lwl]: col1.domain.com, col2.domain.com
   7. The script will then generate the request and display the location where it is located:
   8. Copy

      Generating request...
      Request can be found here: /var/tmp/lwlreq.VhyY.csr.  Contents are:
      -----BEGIN CERTIFICATE REQUEST-----
      MIIC1DCCAbwCAQAwXTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB0dlb3JnaWExEzAR
      BgNVBAcMCkFscGhhcmV0dGExGTAXBgNVBAoMEExpcXVpZHdhcmUsIEluYy4xDDAK
      BgNVBAMMA2x3bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANnK3M6H
      PBcTfyvMJKVy+T0bNC28c6iKESTAeiWiYUK73MFld9UKX1XIELesxJapFZfpbVaG
      qt0uXnK4cgyGdsLuWjsDTP66BHRsclBnWwNt93RJAttqblML7ug7xQPdoHTE7TH7
      J3YrCkGcJsHT1laxgZlHaJzIt7QMmE81W3c0AFyLu82OOsIXrkGvoefi1G4HWxl9
      F6qUQ61YhMppJvv+LWI76bc05+DB/cpR7KqvX+r6fmwoEp0vlAD63xBgoTP/kZ1z
      e1v44hDZ8f2uIAAqURt6ZsYv64yq9Us6ev7JfJSGdU2NkfoNpeIPF09kq3wzgNHH
      y00LK08Bpdjnm8ECAwEAAaAyMDAGCSqGSIb3DQEJDjEjMCEwHwYDVR0RBBgwFoIJ
      aG9zdG5hbWUxgglob3N0bmFtZTIwDQYJKoZIhvcNAQELBQADggEBAIt+0MN0h6/w
      rKfvy3PH3XtkJpgHjiK3HsjAFCjtn+RBGSFo/oSFXjPk77ECk5cZo7RRk1I+aGbO
      gCV9A8TmPcVV9JwBSpAY6+pu9Ss/HYd+MkfdBZ3rZWicL1D0LZzGuDiuLek4iHEu
      rqtmqfoz9oXD3wa//AY0DzYFa/h9Xo3m79St1owCOKowYL8W/KQMYKHJnV4YxlBO
      whseGnqR4GcnpyGbl7nJt1wVmXKgCABYYN5KvJbZ58UjJtCIYyn1mZxHbMvCzguU
      hkLU8FvF3ZB4+JSfWDJuHBySnLh5WLr9CBjXRgxG/MRj58oGv2G0PZz+pfPLCj2A
      buySxtt9h1A=
      -----END CERTIFICATE REQUEST-----
      This file can be copied off or the contents pasted to obtain a certificate

5. The certificate request is generated in the following location with a .csr extension:
6. Copy

   /var/tmp/<certrequest>.csr

6. Enter the following to change ownership of the file so that it is accessible using the <username> on the platform (e.g., friend or ec2-user or azureuser user).
7. Copy

   chown friend:friend /var/tmp/<certrequest>.csr

7. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to download this certificate request from /var/tmp/<certrequest>.csr file to your local desktop.
8. Provide this certificate request file to your security provider or Certifying Authority and request that they provide the SSL Certificate specifically in base64 / PEM format. For these instructions, we will call the SSL Certificate file sslcert.crt. When you see references to sslcert.crt in this document, you should substitute the actual name of the SSL Certificate file you received from your security provider or Certifying Authority.

9. Important: Pause here until you receive your SSL certificate from your provider, then complete the process using the following instructions.

9. Use your favorite SCP client, such as WinSCP or similar software, to connect to the appliance using its IP or DNS address, with SCP protocol and connecting to Port 22 using the credentials of the platform <username> (e.g., friend or ec2-user or azureuser user) to upload the sslcert.crt SSL Certificate file to your Stratusphere Collector in the /home/friend/sslcert.crt location.
10. Now back within your SSH client window on the Stratusphere Collector local console, while still logged in as the root user, make a copy the original SSL certificate as a backup:
11. Copy

    cp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/ssl.crt.orig

11. Place the new certificate in place of the original and modify the file permissions as follows:
12. Copy

    mv /home/friend/sslcert.crt /etc/lwl/ssl/ssl.crt
    chown root:root /etc/lwl/ssl/ssl.crt
    chmod 644 /etc/lwl/ssl/ssl.crt
    restorecon -RF /etc/lwl/ssl

12. Restart the Web Server to load the newly added SSL Certificate.
13. Copy

    systemctl restart httpd

14. If the above command restarts with no errors, the new certificate has been accepted by the web server.
15.