IBM DataPower Operations Dashboard v1.0.14.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Certificate Replacement

Owned by Copy Page Tree
Last updated: Aug 10, 2021 by Amit Munwes
1 min read

The process described in this page will let an administrator replace the default DPOD Web Console and Admin Console certificate with one signed by the organization.

Prerequisites

  • Access to the DPOD appliance

  • The new certificate and key files

Process

  1.  Log in to DPOD's appliance using SSH.

  2. Copy the new certificate and key files either to the current certificate directory on the DPOD appliance or to any other directory of your choice.
    The current certificate directory is /etc/httpd/conf/certs.

  3. Generate a new Diffie-Hellman (DH) Group for a more secured TLS session:

    openssl dhparam -out /etc/httpd/conf/certs/dhparams.pem 2048

    Append the new DH group parameters file to the new certificate

    cat /etc/httpd/conf/certs/dhparams.pem >> /etc/httpd/conf/certs/New_DPOD_Cer.cer

    See an example of the certificate file below:

    -----BEGIN CERTIFICATE----- MIIDDzCCAfegAwIBAgIJAIjhDQNZ4I2xMA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV BAMME09wZXJhdGlvbnNEYXNoYm9hcmQwHhcNMjEwMjIyMTE1ODQ1WhcNMzEwMjIw MTE1ODQ1WjAeMRwwGgYDVQQDDBNPcGVyYXRpb25zRGFzaGJvYXJkMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo88mvSbcYEGfd2dgKwzDmc/ua/FiFfNf +Bi/dw91FtZESBgwWDfgIihvXmEtO/DmJEfV55xJm0Fk49c5j6DXXtjztsC04o6K /0j/2Muztvxq2kckI+yv+jCrw6LxQN+wft03mHP/R6V/F74rEMc5kdx5X5HFA8Fh qFEH154DLp4MGsvbkU7CEjQw6VMj3M3m1ot/m0RkAgGIs7oH2E58VqJfhps2pqCC fXNVrPSG8pSykKt/ZL1oYr33DQD3zvn68aBpuChwNt8enPqytTJiaJuDD6y9KcRO tLbRi5jWU8HSkqztfxr3ohCGdb61tkwr9Vn969mtqwv8GXsxSyI4IwIDAQABo1Aw TjAdBgNVHQ4EFgQU55Uu4PnL9s1sIY/H25gABo23w8swHwYDVR0jBBgwFoAU55Uu 4PnL9s1sIY/H25gABo23w8swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC AQEAA1z1KHkxotKGlxNYdz9dKunpMKsRpE6hEzIvEI3ZU+1Is007AHelXBeRidN0 eHqVdcgOPn1EamEXjgqp7weXlPKyKlZGPdRD9hJR1/XvTuPBaJ/rI+NJkPQpfysY hWM32rMXuqQn6UUrPT9N7s+m4ArQmoQu3+ZipgGspQrSKW0xxq0d1n15RiC6UuJo ggKUYB4Gw3lOi6oKxX91NqhkVOzmaM7ok/Z+rOM6X6M2bC2KWN6IYjW688RiJE8j S8kVtQThGaGbexvDlbE6vDmFtwPi5KTroU/T+0vHJ9lwTV1YvWduQ5EsQNlnDcSS GZYv2emdIk3/WcuMV0mqkXjhsw== -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- MIIBCAKCAQEA+SfHDxWo0BRXc/BxfJHZVkHtk16RmBHHiKv5HDOuhl1raZIEbJ2H 8e5Q0GVCxe30F7Cr66Wfx4jaHVQqkZ+YxuWLqDlHWUYeGPwXXdMXQtuQpPmfSbaT fb+dJ1OT4T5qRttzRWqlu+ZeKeYkOFMO7XqMcDMtMx8cCh6smtkPkG69Tb8cm0l8 0JQuSpRiqYq94pLAf1ReY2jFIWMEtGz4dwSBi7QD+Ncs0rPFecQPPFmmGp1hTeNf NhJHSMvkQrEiX7RHZVZVZ8ovwC9IzID5m2UgmDQ8/TgiBA9WyngswBFSglNvP9dK pb23nP4rDQ7sL307eponbeL/BsNUE4BeqwIBAg== -----END DH PARAMETERS-----

  4. Open the web server configuration file for editing:

  5. Update the SSL Certificate lines:

    SSLCertificateKeyFile needs to point to a key of a "PEM" format. 

    SSLCertificateFile needs to point to a certificate of a "PEM" format.
    Note: The certificate / key cannot be stored in a keystore (JKS, PKCS).

  6. Restart the web server:

Troubleshooting

  1. Run syntax check on the httpd configuration file to make sure the certificate and key file paths are valid:

    Valid output should be : "Syntax OK"
    Wrong certificate path: "SSLCertificateFile: file '/etc/httpd/conf/certs/DPOD.cer' does not exist or is empty"

  2. Make sure the certificate and key file formats are valid.
    Check key file format:


    Check certificate file format:





 

IBM DataPower Operations Dashboard (DPOD) v1.0.14.0