Remote Control Trusted SSL Cert

Hello all…I am trying to set up the Remote Control Server Web Page with an internal CA trusted certificate and I am having trouble finding the documentation for doing that. During the install of RC we selected the option to use a self-signed cert and now we need to change it to our trusted internal certificate. Any help is appreciated. Thank you!

@mike_CSTG, have you reviewed the BigFix Remote Control Controller User Guide?

@cmcannady Thanks for the response. I looked through that guide and the certificate information it refers to is for configuring the Broker and SSO. I didn’t see anything about the main web page for RC, but I could be missing something.

I’m afraid that I haven’t performed this type of RC implementation. It may be necessary to open a P3 support case with L2 to resolve your stated issues. However, I would recommend reviewing the available KB articles in the support portal.

Please note that you may have to register within the portal to access the KB articles and must be registered to submit a support case to L2.

Thank you…I will open up a case.

Hi Mike,

Assuming that you already know how to generate the CA signed certificate, this is the page you were looking for:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcrelinstallcertificate-901.html?hl=certificate

If you want to reuse the existing keystore (key.jks), perform step (2); otherwise, if you already generated the signed certificate, perform step (1) to let the RC server use it.

Hi Federico,

Thanks for sending the info. The signed certificate I have is in the PEM format, which we used for the Broker config, WebUI, WebReports, etc. Do you know if we can use that type of certificate or will I need to create a cert request with the ikeyman tool? Apologies, but I am unfamiliar with the ins and outs of certificates and it’s not clear to me what specific steps are needed to properly use our trusted CA certificate. Thanks again for your assistance.

I think that Liberty only supports JKS (.jks) and PKCS12 (.p12). You need to convert your PEM certificate to a PKCS12. For example you can use the OpenSSL command line. You need to extract the private key and the certificate chain from the certificate file:

openssl crl2pkcs7 -nocrl -certfile Original.pem | openssl pkcs7 -print_certs -out MyCerts.pem

openssl pkey -in Original.pem -out MyKey.key

and once you have extracted the private key and the certificate:

openssl pkcs12 -export -out MyKeyStore.p12 -inkey MyKey.key -in MyCerts.pem

You might also need to add the option -certfile MyCACerts.crt if you want to include the full certificate chain in the .p12.
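An added example, not part of the original thread or the product documentation: the same three OpenSSL steps wrapped in a function that refuses to build the keystore when the private key does not belong to the certificate, and reopens the .p12 afterwards to confirm it is readable. The function name `pem_to_p12` and the `P12_PASS` variable are made up for this sketch, and it assumes the server certificate is the first certificate in the PEM file.

```bash
# Added example. File names MyCerts.pem / MyKey.key follow the commands above;
# pem_to_p12 and P12_PASS are hypothetical names chosen for this sketch.
#
# Usage: export P12_PASS='...'; pem_to_p12 Original.pem MyKeyStore.p12
# Exit codes: 0 ok, 1 OpenSSL step failed, 2 no password, 3 key/cert mismatch.
# Assumes the server (leaf) certificate is the first certificate in the PEM.
pem_to_p12() (
    pem="$1"; out="$2"
    # The password comes from the environment so it never shows up in `ps`.
    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; exit 2; }
    umask 077                      # extracted private key readable by owner only
    work="$(mktemp -d)" || exit 1
    trap 'rm -rf "$work"' EXIT     # remove the plaintext key copy on any exit

    # Step 1: pull the certificates out of the combined PEM.
    openssl crl2pkcs7 -nocrl -certfile "$pem" |
        openssl pkcs7 -print_certs -out "$work/MyCerts.pem" || exit 1
    # Step 2: pull the private key out of the combined PEM.
    openssl pkey -in "$pem" -out "$work/MyKey.key" || exit 1

    # Compare the public key derived from the private key with the public key
    # inside the first certificate (both normalised to DER, then hashed).
    key_fp=$(openssl pkey -in "$work/MyKey.key" -pubout -outform DER |
        openssl dgst -sha256 -r)
    cert_fp=$(openssl x509 -in "$work/MyCerts.pem" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r)
    if [ "$key_fp" != "$cert_fp" ]; then
        echo "private key does not match the first certificate" >&2
        exit 3
    fi

    # Step 3: build the PKCS12 keystore.
    openssl pkcs12 -export -out "$out" -inkey "$work/MyKey.key" \
        -in "$work/MyCerts.pem" -passout env:P12_PASS || exit 1
    # Reopen it: this fails if the password or integrity check does not pass.
    openssl pkcs12 -in "$out" -noout -passin env:P12_PASS 2>/dev/null || exit 1
)
```

A mismatch (exit code 3) usually means the PEM holds the key from a different certificate request than the one the CA signed.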

Thanks for the info. We will give this a try and report back.