IBM DataPower Operations Dashboard v1.0.11.0

A newer version of this product documentation is available.

Certificate Replacement

The process described in this page will let an administrator replace the default DPOD Web Console and Admin Console certificate with one signed by the organization.

Before You Begin

You will need:

  • Access to the DPOD appliance
  • The new certificate and key files

Process

  1.  Log in to DPOD's appliance.
  2.  Copy the new certificate and key file either to the current certificate directory on the DPOD appliance or to any other directory of your choice.
    The current certificate directory is:

    /etc/httpd/conf/certs


  3. Open the web server configuration file for editing:

    vi /etc/httpd/conf/httpd.conf
  4. Update the SSL Certificate lines:

    SSLCertificateFile "the new certificate file path"
    SSLCertificateKeyFile "the new key file path"

    SSLCertificateKeyFile needs to point to a key in "PEM" format.

    SSLCertificateFile needs to point to a certificate in "DER" format.

    The certificate and key cannot be stored in a keystore (JKS, PKCS).

  5. Restart the web server

    service httpd restart
  6. Troubleshooting

    1. Run a syntax check on the httpd configuration file to make sure the certificate and key file paths are valid:

      apachectl -t

      Valid output should be: "Syntax OK"
      Wrong certificate path: "SSLCertificateFile: file '/etc/httpd/conf/certs/DPOD.cer' does not exist or is empty"

    2. Make sure the certificate and key file formats are valid:

      Check key file format

      openssl rsa -in DPOD.key -check
      Valid output :
      RSA key ok
      writing RSA key
      -----BEGIN RSA PRIVATE KEY-----
      ...
      -----END RSA PRIVATE KEY-----
      
      
      
      Invalid output :
      unable to load Private Key
      139695916947264:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: ANY PRIVATE KEY


      Check certificate file format

      openssl x509 -in DPOD.cer -text -noout
      Valid output :
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number: ab:36:a9:5c:d4:1d:c3:aa
              Signature Algorithm: sha256WithRSAEncryption
              Issuer: CN = OperationsDashboard
              Validity
                  Not Before: May 15 09:09:18 2017 GMT
                  Not After : May 13 09:09:18 2027 GMT
              Subject: CN = OperationsDashboard
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                      Public-Key: (2048 bit)
                      Modulus:
                          ...
                      Exponent: 65537 (0x10001)
              X509v3 extensions:
                  X509v3 Subject Key Identifier:
                      E7:09:B0:A0:66:32:5F:BD:BF:8E:9E:76:07:02:AB:58:FD:E3:CD:66
                  X509v3 Authority Key Identifier:
                      keyid:E7:09:B0:A0:66:32:5F:BD:BF:8E:9E:76:07:02:AB:58:FD:E3:CD:66
                  X509v3 Basic Constraints:
                      CA:TRUE
          Signature Algorithm: sha256WithRSAEncryption
              ...

      Invalid output :
      unable to load certificate
      140583261931328:error:0906D06C:PEM routines:PEM_read_bio:no start line:crypto/pem/pem_lib.c:691:Expecting: TRUSTED CERTIFICATE
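
The troubleshooting checks above confirm that each file parses on its own. The script below is an added example, not part of the IBM documentation: before httpd is restarted it also verifies that the key belongs to the certificate, that the certificate has not expired, and that the key file is not readable by group or other. It assumes PEM-encoded files, an unencrypted key, openssl on the PATH and GNU stat; the function name check_cert_key_pair is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-restart checks for a replacement certificate/key pair.
# Assumptions: PEM input files, unencrypted key, openssl on PATH, GNU stat.

check_cert_key_pair() {
  local cert=$1 key=$2 cert_pub key_pub mode

  [ -s "$cert" ] || { echo "FAIL: certificate missing or empty: $cert"; return 1; }
  [ -s "$key" ]  || { echo "FAIL: key missing or empty: $key"; return 1; }

  # Parse the certificate and extract its public key (no text dump needed).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "FAIL: certificate does not parse: $cert"; return 2; }

  # Derive the public key from the private key; only the public half is
  # written, so the private key never reaches the terminal or a log.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
    || { echo "FAIL: private key does not parse: $key"; return 3; }

  # httpd will not start when the key does not belong to the certificate.
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "FAIL: private key does not match certificate"; return 4; }

  # -checkend 0 exits non-zero when the certificate has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate has expired"; return 5; }

  # The key file should be accessible to its owner only (e.g. mode 600).
  mode=$(stat -c %a "$key")
  case "$mode" in
    *00) ;;
    *) echo "FAIL: key file mode $mode allows group/other access"; return 6 ;;
  esac

  echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage: ./check_pair.sh /path/to/cert /path/to/key   (then run: apachectl -t)
if [ "$#" -eq 2 ]; then
  check_cert_key_pair "$1" "$2"
fi
```

Each failure has its own exit code (1 to 6), so the script can gate the `service httpd restart` step in a change procedure.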
