Page History
...
Note |
---|
Creation of an own SSL Certificate or import of an existing SSL certificate is only required when it is NOT POSSIBLE to use the default panagenda GreenLight SSL certificate. |
Import an existing SSL
...
Certificate (optional)
- Copy PEM and KEY file to
/opt/panagenda/appdata/volumes
...
/nginx
...
IMPORTANT: Please use the same filename for your keys!
Create a new SSL Certificate < v3.5 (optional)
The following describes the creation of a new SSL certificate for panagenda GreenLight using the "keytool" script. Follow these steps on the panagenda GreenLight appliance console:
- delete the current certificate: sudo /opt/java/bin/keytool -delete -alias tomcat -keystore root/.keystore(the default keystore password is "changeit")
- create the new certificate: sudo /usr/lib/jvm/jdk/bin/keytool -genkey -alias tomcat -keyalg rsaa "wizard" will guide you through the creation of the new SSL certificate
- When asked for your "first and last name", provide the IP address or domain name for your panagenda GreenLight appliance
- When asked for a password for the key, provide the default password "changeit"
After the appliance restart, your newly created certificate will be used for SSL connection encryption – therefore no warnings will appear when a connection is established from a browser to the virtual appliance.
Import an existing SSL Certificate < v3.5 (optional)
If available, you could import your own SSL certificate by following these steps on the panagenda GreenLight appliance console:
- Copy the certificate to /tmp
- Remove self issued cert from keystore sudo /usr/lib/jvm/jdk/bin/keytool -delete -alias tomcat -keystore /root/.keystore
- Import private key to /root/.keystore sudo /usr/lib/jvm/jdk/bin/keytool -importkeystore -srcalias 1 -srcstorepass <pfx-password> -srckeystore /tmp/yourprivkey.pfx -srcstoretype pkcs12 -destkeystore /root/.keystore -deststoretype JKS -destalias tomcat
- It is import that your private key uses the same password as the keystore, so change it to changeit: sudo /usr/lib/jvm/jdk/bin/keytool -alias tomcat -keypasswd
Note | ||
---|---|---|
| ||
You have to type the password three times, first for the keystore and two times to change the password. |
...
open PUTTY console and execute: docker restart gl_nginx
Wait until NGINX container is restarted and access again the Webpage of GL.
The new SSL is now active: