After the collection process is completed, your browser should download the certificate file. Follow the "pick-up" or "collection" link in the email and initiate the downloading process. Collecting Your CertificateĪfter validation is finished, the issuing Certificate Authority (CA) will send the certificate via email to the certificate requester. This method will be deprecated on June 1, 2023. If you purchased your Code Signing certificate after May 14, 2023, you will not need to undergo any of these processes as the certificate will be delivered to you in its final form on physical hardware. This article includes instructions for collecting and converting your code signing certificate into a PFX file for signing. If postgres restarted successfully, the new certificate was accepted.Solution home Comodo/Sectigo Code Signing OV/IV Code Signing Certificate Collection Windows: Convert Code Signing to PFX (CSR Method) On versions prior to 6.5.0, use the following command: Restart the database service to load the newly added SSL Certificate. Openssl rsa -in /home/friend/ -out /home/friend/Ĭp /var/lib/pgsql/current/data/server.crt /var/lib/pgsql/current/data/Ĭp /var/lib/pgsql/current/data/server.key /var/lib/pgsql/current/data/Ĭp /home/friend/ /var/lib/pgsql/current/data/server.crtĬp /home/friend/ /var/lib/pgsql/current/data/server.keyĬhown postgres:postgres /var/lib/pgsql/current/data/server.crtĬhmod 400 /var/lib/pgsql/current/data/server.crtĬhown postgres:postgres /var/lib/pgsql/current/data/server.keyĬhmod 400 /var/lib/pgsql/current/data/server.keyĩ. Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -nocerts -nodes -out /home/friend/ Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -clcerts -nokeys -out /home/friend/ If AWS, it would be ec2-user rather than friend (you'll need to replace friend with ec2-user for the below commands as well). WinSCP the pfx file to /home/friend/ on the DB as friend user. Check that your browser shows the correct certificate.ġ. If httpd restarted successfully after the cert was replaced, the Stratusphere WebUI should be accessible. On versions 6.5.0 and higher, use the following command: On versions 6.1.3, 6.1.4, use the following command: On versions up to 6.1.1, use the following command: Restart the Web Server to load the newly added SSL Certificate. Update ownership, permissions, security context:ĩ. Openssl rsa -in /home/friend/ -out /home/friend/Ĭp /etc/lwl/ssl/ssl.crt /etc/lwl/ssl/Ĭp /etc/lwl/ssl/ssl.key /etc/lwl/ssl/Ĭp /home/friend/ /etc/lwl/ssl/ssl.crtĬp /home/friend/ /etc/lwl/ssl/ssl.keyĨ. Remove the passphrase from the private key (if needed): Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -nocerts -nodes -out /home/friend/ĥ. Export the private key file from the pfx file: Openssl pkcs12 -in /home/friend/YOURCERTNAME.pfx -clcerts -nokeys -out /home/friend/Ĥ. Export the certificate file from the pfx file by running this command in putty (replace YOURCERTNAME): Putty in as friend user and run sudo bash to change to root user.ģ. If AWS, it would be ec2-user rather than friend (you'll need to replace friend with ec2-user for the below commands as well).Ģ. WinSCP the pfx file to /home/friend/ on the hub or collector as friend user. Your security team created the certificate without using the CSR or may have given you the certificate in PFX format.ġ. The main document for replacing SSL certificates ( linked here) shows you how to create a CSR and private key from within the Stratusphere appliance and then request a matching base64/PEM format certificate using that CSR.
0 Comments
Leave a Reply. |