
How to update a Webadmin Certificate and copy it to remote servers.


If the Netsweeper Webadmin certificate is going to expire in the near future, it is necessary to generate a new Webadmin certificate in the Webadmin Certificate Authority.

The Webadmin SSL Certificate link can be found in the Services > Server page in the 'Webadmin' section.

On this page you can either upload an externally generated certificate to the Webadmin server or generate a new one.


If you are generating a new Webadmin certificate, a success message is displayed once the certificate has been generated.

Once the Webadmin certificate has been updated, it is necessary to restart the Webadmin httpd service.

This can be done either from the command line with the command "systemctl restart httpd" or from the Services > Server page in the 'Webadmin' section.

If your deployment has remote servers, such as a reporter server, deny page servers, or logger servers, the Webadmin certificate will need to be copied to these servers.

The Webadmin certificate is stored in /etc/pki/tls/certs and the key is in /etc/pki/tls/private.

The certificate and key will need to be copied to each of the remote servers and file permissions and ownership set to match the original permissions on the Webadmin server.

The following steps detail how to copy the certificate and key files to a temporary directory on the remote host and then log in to that host, sudo to root and then copy the files locally. 

The following "scp" commands use the remote proxy IP address 192.168.30.143 as an example. You will be prompted for the remote proxy server's admin password. (Note the capital "P" in the scp "-P 60104" SSH port option.)

# scp -P 60104 /etc/pki/tls/certs/localhost.crt admin@192.168.30.143:/tmp
# scp -P 60104 /etc/pki/tls/private/localhost.key admin@192.168.30.143:/tmp

Log in to the remote proxy host and copy the files to their appropriate directories.

$ sudo -i
# cd /tmp
# cp localhost.crt /etc/pki/tls/certs/
# cp localhost.key /etc/pki/tls/private/

Verify that the permissions and ownership of the newly copied files match the original files on the Webadmin server. Make any corrections to the file permissions and ownership with the chmod and chown commands.

On the Webadmin server (examples only, edited for clarity):

# cd /etc/pki/tls/certs/
# ls -l localhost*
-rw-r--r-- 1 root root 2386 Jan 17 14:49 localhost.crt
# cd /etc/pki/tls/private/
# ls -l localhost*
-rw-r----- 1 root mysql 3272 Jan 17 14:49 localhost.key

On the destination server:

# cd /etc/pki/tls/certs/
# chmod 644 localhost.crt
# chown root:root localhost.crt
# cd /etc/pki/tls/private/
# chmod 640 localhost.key
# chown root:mysql localhost.key

The certificates will not become active on the remote servers until the services related to each server's purpose are restarted with the appropriate "systemctl restart _____" command(s).

For example:


# systemctl restart nsreporterctl
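
The verification steps above can be scripted. The following is an added example, not part of the original article or of Netsweeper's tooling: run as root on a destination server, it checks the modes and ownership shown above, confirms that the key belongs to the certificate and that the certificate has not expired, and flags a private key copy left in the staging directory (the cp commands above leave the /tmp copies in place). The function names and the --check argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-copy checks for a destination server (run as root).

# check_perms FILE MODE OWNER:GROUP - succeed only if FILE has exactly that
# octal mode and ownership (uses GNU stat, as found on Linux servers).
check_perms() {
    have=$(stat -c '%a %U:%G' "$1" 2>/dev/null) || { echo "MISSING $1" >&2; return 1; }
    [ "$have" = "$2 $3" ] && return 0
    echo "MISMATCH $1: have '$have', want '$2 $3'" >&2
    return 1
}

# key_matches_cert CRT KEY - succeed only if both files parse and carry the
# same public key, i.e. the key really belongs to this certificate.
key_matches_cert() {
    from_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# verify_install [CERT_DIR] [KEY_DIR] [STAGING_DIR] - run every check and
# return the number of failures. Defaults are the paths used in this article.
verify_install() {
    crt="${1:-/etc/pki/tls/certs}/localhost.crt"
    key="${2:-/etc/pki/tls/private}/localhost.key"
    staging="${3:-/tmp}"
    fails=0
    check_perms "$crt" 644 root:root || fails=$((fails + 1))
    check_perms "$key" 640 root:mysql || fails=$((fails + 1))
    key_matches_cert "$crt" "$key" || { echo "key/cert mismatch" >&2; fails=$((fails + 1)); }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired or unreadable" >&2; fails=$((fails + 1)); }
    # cp leaves the staged copies behind; the private key should not stay there.
    [ ! -e "$staging/localhost.key" ] ||
        { echo "private key copy still in $staging" >&2; fails=$((fails + 1)); }
    return "$fails"
}

# Run the checks only when asked, e.g.:  sh verify_cert.sh --check
if [ "${1:-}" = "--check" ]; then
    verify_install && echo "all checks passed"
fi
```

A non-zero exit status is the number of failed checks; each failure is described on standard error.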

 

For more information about WebAdmin Certificate Management, please refer to the documentation here: WebAdmin Certificate Management

For more information about Command Line Services, please refer to the documentation here: Command Line Services
