IBM DataPower Operations Dashboard v1.0.20.x

Replacing Certificates of Web & Admin Consoles

The system encrypts the communication between end-users and the Web & Admin Consoles with self-signed certificates generated during the installation.

Use the following procedure to replace these certificates:

  1. Make sure you have the custom certificate and key files provided in .pem format. If the key file is encrypted, make sure to also have the key passphrase in a .txt file.
    Use the following file names:

    custom_cer.pem
    custom_key.pem
    custom_key_passphrase.txt (optional)
  2. In a Cell Environment, perform all the steps on the cell manager only.

  3. Log in to DPOD's server using SSH.

  4. Copy the custom certificate file, the custom key file and optionally the custom key passphrase file to /etc/httpd/conf/certs.

  5. Generate a new Diffie-Hellman (DH) group for a more secure TLS session and append the new DH group parameters file to the custom certificate:

    openssl dhparam -out /etc/httpd/conf/certs/custom_dhparams.pem 2048
    cat /etc/httpd/conf/certs/custom_dhparams.pem >> /etc/httpd/conf/certs/custom_cer.pem
  6. Execute the following commands:

    sed -i 's#^SSLCertificateFile .*#SSLCertificateFile "/etc/httpd/conf/certs/custom_cer.pem"#g' /etc/httpd/conf/httpd.conf
    sed -i 's#^SSLCertificateKeyFile .*#SSLCertificateKeyFile "/etc/httpd/conf/certs/custom_key.pem"#g' /etc/httpd/conf/httpd.conf
  7. If the key file is encrypted, create a script named custom_key_passphrase.sh:

    with the following content:

    and execute the following commands:

  8. Run a syntax check on the httpd configuration file to make sure the configuration is valid:

    Valid output:

    Invalid output:

  9. Restart the web server:

Troubleshooting

  1. Make sure the certificate file is valid:

    Valid output:

    Invalid output:

  2. Make sure the key file is valid:

    Valid output:

    Invalid output:
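
A check to run between step 6 and the restart, added here as an example and not part of the DPOD documentation: it confirms that custom_cer.pem and custom_key.pem hold the same public key and that the sed commands from step 6 actually changed httpd.conf. The function names, the `--run` argument and the CERT_DIR / HTTPD_CONF override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the DPOD documentation. Run with --run after step 6.
# Paths follow the page; CERT_DIR and HTTPD_CONF overrides are assumptions.
CERT_DIR="${CERT_DIR:-/etc/httpd/conf/certs}"
HTTPD_CONF="${HTTPD_CONF:-/etc/httpd/conf/httpd.conf}"

# Returns 0 if certificate $1 and key $2 hold the same public key, 1 on a
# mismatch, 2 if the certificate is unreadable, 3 if the key is unreadable
# (including a wrong passphrase). $3 is the optional passphrase file.
pair_matches() {
    cert="$1"; key="$2"; passfile="${3:-}"
    # An empty passphrase makes openssl fail on an encrypted key, not prompt.
    passin="pass:"
    [ -n "$passfile" ] && passin="file:$passfile"
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout -passin "$passin" 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 only if directive $2 exists in config $1 and every occurrence
# references the quoted path $3. The sed patterns in step 6 are anchored at
# column 0, so an indented directive stays unchanged and is reported here.
directive_points_to() {
    conf="$1"; name="$2"; want="$3"
    found=$(grep -E "^[[:space:]]*${name}[[:space:]]" "$conf") || return 1
    ! printf '%s\n' "$found" | grep -v -q -F "\"$want\""
}

# Runs both checks against the file names used in step 1.
preflight() {
    passfile=""
    [ -f "$CERT_DIR/custom_key_passphrase.txt" ] && passfile="$CERT_DIR/custom_key_passphrase.txt"
    pair_matches "$CERT_DIR/custom_cer.pem" "$CERT_DIR/custom_key.pem" "$passfile" ||
        { echo "custom_cer.pem and custom_key.pem do not match or cannot be read" >&2; return 1; }
    directive_points_to "$HTTPD_CONF" SSLCertificateFile "$CERT_DIR/custom_cer.pem" ||
        { echo "SSLCertificateFile in $HTTPD_CONF was not updated" >&2; return 1; }
    directive_points_to "$HTTPD_CONF" SSLCertificateKeyFile "$CERT_DIR/custom_key.pem" ||
        { echo "SSLCertificateKeyFile in $HTTPD_CONF was not updated" >&2; return 1; }
    echo "certificate, key and httpd.conf directives are consistent"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```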

 

Copyright © 2015 MonTier Software (2015) Ltd.