How to update a Webadmin Certificate and copy it to remote servers.

If the Netsweeper Webadmin certificate is going to expire in the near future, it is necessary to generate a new Webadmin certificate in the Webadmin Certificate Authority.

The Webadmin SSL Certificate link can be found on the Services > Server page, in the ‘Webadmin’ section.

On this page you can either upload an externally generated certificate to the Webadmin server or generate a new one.

If you are generating a new Webadmin certificate, you should see a success message.

Once the Webadmin certificate has been updated, it is necessary to restart the Webadmin httpd service.

This can be done either from the command line with the command "systemctl restart httpd" or from the Services > Server page, in the ‘Webadmin’ section.

If your deployment has remote servers, such as a reporter server, deny page servers, or logger servers, the Webadmin certificate will need to be copied to these servers.

The Webadmin certificate is stored in /etc/pki/tls/certs. (For reference, the key is in /etc/pki/tls/private; however, there is no need to copy the key.)

The certificate will need to be copied to each of the remote servers and file permissions and ownership set to match the original permissions on the Webadmin server. 

The following steps detail how to copy the certificate file to a temporary directory on the remote host and then log in to that host, sudo to root and then copy the file locally. 

The following "scp" command uses the remote proxy IP address 192.168.30.143 as an example. You will be prompted for the remote proxy server's admin password. (Note the capital "P" in the scp ssh port option, "-P 60104".)

$ sudo -i scp -P 60104 /etc/pki/tls/certs/localhost.crt admin@192.168.30.143:/tmp

Log in to the remote host, make a backup of the old certificate, and copy the new certificate file to the appropriate directory.

$ sudo -i cp /etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost_old.crt
$ sudo -i cp /tmp/localhost.crt /etc/pki/tls/certs/

Verify that the permissions and ownership of the newly copied file match the original file on the Webadmin server. Make any corrections to the file permissions and ownership with the chmod and chown commands.

On the Webadmin server (example only, edited for clarity):

$ sudo -i ls -l /etc/pki/tls/certs/localhost*
-rw-r--r-- 1 root root 2386 Jan 17 14:49 localhost.crt

On the destination server:

$ sudo -i chmod 644 /etc/pki/tls/certs/localhost.crt
$ sudo -i chown root:root /etc/pki/tls/certs/localhost.crt

The certificates will not become active on the remote servers until the httpd service is restarted on each server.

For an EL6 server:
$ sudo -i service httpd restart

For an EL8 server:
$ sudo -i systemctl restart webadminctl
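
Because the certificate is staged in /tmp, which every local user can write to, it is worth confirming on each remote server that the installed file is byte-identical to the one on the Webadmin server before restarting httpd. The following is an added example, not Netsweeper code; the function names cert_digest and verify_cert_copy are hypothetical, and it assumes GNU coreutils (sha256sum, stat -c).

```shell
#!/bin/sh
# Added example (not Netsweeper code). Assumes GNU coreutils: sha256sum, stat -c.
#
# On the Webadmin server, record the reference digest:
#   cert_digest /etc/pki/tls/certs/localhost.crt
# On each remote server, after the cp/chmod/chown steps:
#   verify_cert_copy /etc/pki/tls/certs/localhost.crt <reference-digest>

# Print the SHA-256 digest of a file.
cert_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_cert_copy FILE EXPECTED_SHA256 [MODE] [UID:GID]
# Defaults match the article: mode 644, owner root:root (numeric 0:0).
# Returns 0 if everything matches, 1 on any mismatch, 2 if FILE is unusable.
verify_cert_copy() {
    file=$1 want_sum=$2 want_mode=${3:-644} want_owner=${4:-0:0}
    rc=0
    # A symlink or missing file means the cp step did not do what was expected.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file" >&2
        return 2
    fi
    got_sum=$(cert_digest "$file")
    got_mode=$(stat -c '%a' "$file")
    got_owner=$(stat -c '%u:%g' "$file")
    # The file passed through /tmp, so confirm the bytes are unchanged.
    if [ "$got_sum" != "$want_sum" ]; then
        echo "FAIL: digest $got_sum, expected $want_sum" >&2
        rc=1
    fi
    if [ "$got_mode" != "$want_mode" ]; then
        echo "FAIL: mode $got_mode, expected $want_mode" >&2
        rc=1
    fi
    if [ "$got_owner" != "$want_owner" ]; then
        echo "FAIL: owner $got_owner, expected $want_owner" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $file matches digest, mode and owner"
    fi
    return "$rc"
}
```

Run the check with sudo on the remote server, and restart the service only when it reports OK.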

 

For more information about WebAdmin Certificate Management, please refer to the documentation here: WebAdmin Certificate Management

For more information about Command Line Services, please refer to the documentation here: Command Line Services