Please note: an Admin level Account with the appropriate permissions is required to access the Services Window.
Overview
If the Netsweeper Webadmin Certificate is going to expire in the near future, You can generate a new one as well as share with your remote servers.
Accessing the WebAdmin SSL Certificate Window
Navigate to Administration > Services and select the localhost button to expand the services.
Select the More Actions button for the WebAdmin Service and choose the WebAdmin SSL Certificate option.
The WebAdmin SSL Certificate window allows you to either upload an externally generated certificate to the Webadmin server, or to generate a new one.
If you are generating a new WebAdmin Certificate, you should see the following success message.
Restarting the WebAdmin Service
Once your certificate has been updated, it is necessary to restart the WebAdmin Service.
This can either be done from the command line with the command "systemctl restart httpd" or in the Services window.
Sharing your Certificate with Remote Servers
If your deployment has remote servers such as a reporter server, deny page servers, logger servers, the Webadmin certificate will need to be copied to these servers.
The Webadmin certificate is stored in /etc/pki/tls/certs (for reference, the key is in /etc/pki/tls/private however, there is no need to copy the key.)
The certificate will need to be copied to each of the remote servers and file permissions and ownership set to match the original permissions on the Webadmin server.
The following steps detail how to copy the certificate file to a temporary directory on the remote host and then log in to that host, sudo to root and then copy the file locally.
The following "scp" command uses the remote proxy IP address192.168.30.143 as an example. You will be prompted for the remote proxy server's admin password. (Note the capital "P" in the scp command "-P 60104" ssh port option)
$ sudo -i scp -P 60104 /etc/pki/tls/certs/localhost.crt admin@192.168.30.143:/tmp
Login to the remote host, make a backup of the old certificate and copy the new certificate file to the appropriate directory.
$ sudo -i cp /etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost_old.crt
$ sudo -i cp /tmp/localhost.crt /etc/pki/tls/certs/
Verify that the permissions and ownership of the newly copied file match the original file on the Webadmin server. Make any corrections to the file permissions and ownership with the chmod and chown commands.
On the Webadmin server: (Example only - Edited for clarity)
$ sudo -i ls -l /etc/pki/tls/certs/localhost*
-rw-r--r-- 1 root root 2386 Jan 17 14:49 localhost.crt
On the destination server:
$ sudo -i chmod 644 /etc/pki/tls/certs/localhost.crt
$ sudo -i chown root:root /etc/pki/tls/certs/localhost.crt
The certificates will not become active on the remote servers until the httpd service is restarted on each server.
For an EL6 server:
$ sudo -i service httpd restart
For an EL8 server:
$ sudo -i systemctl restart webadminctl
Additional Information
For information about WebAdmin Certificate Management, please refer to this document
You can find more information about Netsweeper Command Line Tools here.