Configuring a CA signed SSL certificate (Analyzer detail view server)

Ops Center Analyzer Detail View User Guide

Version: 11.0.x
Part Number: MK-99ANA007-06
Last edition: 2026-03-16

Configure a CA-signed SSL certificate to initiate secure browser sessions by creating a private key, creating a certificate signing request (CSR), and applying the server certificate.

Creating a private key and a certificate signing request

Create a certificate signing request (CSR) for the Analyzer detail view server and send it to the certificate authority to obtain the certificate file.

  1. Log on to the Analyzer detail view server through an SSH client (such as PuTTY) as the root user.
  2. Navigate to the /usr/local/megha/jetty/etc directory:
    cd /usr/local/megha/jetty/etc
  3. Create a private key using one of the following algorithms:
    RSA:
    openssl genrsa -out jettyPrivate.key
    ECDSA:
    openssl ecparam -out jettyPrivate.key -name prime256v1 -genkey
  4. Create a certificate signing request (CSR):
    openssl req -new -key jettyPrivate.key -out /tmp/certreq.csr

    Follow the instructions displayed on the console to enter the details for your certificate request. When requested to provide the common name, make sure that you enter a fully qualified host name.

    Enter the default password for CSR: megha.jeos
    Note: If you provide a password of your choice, note it. You will need this when applying server certificates.
  5. Copy the certificate request file from /tmp/certreq.csr and submit it to the certificate authority to create the certificate file.
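
A check you can run before submitting the request in step 5, given here as an added example that is not part of the original guide: it confirms that the CSR carries the public key of jettyPrivate.key and that its common name is a fully qualified host name. The function names and the host name analyzer.example.com are assumptions, and the key and CSR it tests are throwaway sample data created in a temporary directory.

```shell
#!/bin/sh
# Added example: check certreq.csr against jettyPrivate.key before sending it to the CA.
# Function names and the host name analyzer.example.com are assumptions for illustration.

# Succeeds only if the CSR carries the public half of the given private key (RSA or ECDSA).
csr_matches_key() {   # $1 = CSR file, $2 = private key file
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Prints the common name (CN) from the CSR subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeeds if the name has at least two dot-separated labels of letters, digits and hyphens.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# Runs all checks and reports the first problem found.
check_csr() {   # $1 = CSR file, $2 = private key file
    csr_matches_key "$1" "$2" || { echo "CSR does not match $2"; return 1; }
    cn=$(csr_cn "$1")
    is_fqdn "$cn" || { echo "CN '$cn' is not a fully qualified host name"; return 1; }
    echo "OK: CN=$cn"
}

# Constructed sample data: a throwaway ECDSA key and CSR written to directory $1 with CN $2.
make_sample() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/jettyPrivate.key" 2>/dev/null &&
        openssl req -new -key "$1/jettyPrivate.key" -subj "/CN=$2" -out "$1/certreq.csr" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" analyzer.example.com &&
    check_csr "$demo_dir/certreq.csr" "$demo_dir/jettyPrivate.key"
rm -rf "$demo_dir"
```

On the server, the equivalent call is check_csr /tmp/certreq.csr /usr/local/megha/jetty/etc/jettyPrivate.key.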

Applying server certificates

The certificate authority creates the following three certificate files:

  • Root
  • Intermediate
  • Host

Note: If you do not want to stop the crond service, you can stop specific processes of the Analyzer detail view server and Analyzer probe server by using the crontab -e command, as described in "Stopping the Analyzer detail view server or Analyzer probe server services" and "Starting the Analyzer detail view server or Analyzer probe server services".

  1. Upload the certificate files to the Analyzer detail view server (for example, to /usr/local/megha/jetty/etc).
  2. Navigate to the /usr/local/megha/jetty/etc directory:
    cd /usr/local/megha/jetty/etc
  3. Combine the chain of certificates by concatenating them into a single file (in the order indicated). For example:
    cat host.cer imd.cer root.cer > cert-chain.cer
  4. Combine the private key and certificate in the jetty.pkcs12 file using the following command:
    openssl pkcs12 -export -inkey jettyPrivate.key -in cert-chain.cer -out jetty.pkcs12 -name jetty
  5. Enter the password that you provided when creating the CSR (default: megha.jeos).
  6. Stop the crond service using the command:
    service crond stop
  7. Stop all the running services using the following command:
    /usr/local/megha/bin/stop-all-services.sh
  8. Verify that the megha and crond services are stopped by entering these commands:
    /usr/local/megha/bin/megha-jetty.sh status
    service crond status
  9. Create a backup of the existing keystore file using the following command:
    mv /usr/local/megha/jetty/etc/keystore /usr/local/megha/jetty/etc/keystore-orig
  10. Create a backup of an existing userKeystoreConfig file using the following command:
    cp /usr/local/megha/jetty/etc/userKeystoreConfig.xml /usr/local/megha/jetty/etc/userKeystoreConfig-orig.xml
  11. Import the pkcs12 file (using keytool) using the following command:
    keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore -deststoretype PKCS12
  12. Enter the password that you provided when creating the CSR (default: megha.jeos).
    Note: If you provided a password of your choice when creating the CSR, make sure you change the following fields in the /usr/local/megha/jetty/etc/userKeystoreConfig.xml file.
    KeyStorePassword
    KeyManagerPassword
    TrustStorePassword
    If the password includes the following special characters, you must replace them as indicated when editing these fields:
    • Replace ' " ' with '&quot;'
    • Replace ' ' ' with '&apos;'
    • Replace ' < ' with '&lt;'
    • Replace ' > ' with '&gt;'
    • Replace ' & ' with '&amp;'
    For example:
    • Replace abc"123 with abc&quot;123
    • Replace abc'123 with abc&apos;123
    • Replace abc&"123 with abc&amp;&quot;123

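    (Optional): If you do not want to store the password in clear text, you can convert it to Jetty's obfuscated (OBF) format using the following command and provide the converted password in the userKeystoreConfig.xml file. OBF is a reversible obfuscation, not encryption, so keep access to userKeystoreConfig.xml restricted.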
    java -cp /usr/local/megha/jetty/lib/jetty-util-<Jetty Version>.jar org.eclipse.jetty.util.security.Password "password_provided_when_creating_CSR"
    For example:
    java -cp /usr/local/megha/jetty/lib/jetty-util-12.0.4.jar org.eclipse.jetty.util.security.Password "abc&123"

    If the password contains a double quotation mark ("), enclose the password in single quotation marks (' ') in the above command. For example: 'abc"123'

  13. Change the ownership and permission of the keystore file:
    chown megha:megha /usr/local/megha/jetty/etc/keystore
    chmod og-rwx /usr/local/megha/jetty/etc/keystore
  14. Start the megha service using the following command:
    /usr/local/megha/bin/megha-jetty.sh start
  15. Start the crond service using the following command:
    service crond start
  16. (Optional) Remove the certreq.csr, cert-chain.cer, and jetty.pkcs12 files if you will not need them in the future:
    rm /tmp/certreq.csr
    rm /usr/local/megha/jetty/etc/cert-chain.cer
    rm /usr/local/megha/jetty/etc/jetty.pkcs12
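
The character replacements listed in the note to step 12, as an added example that is not part of the original guide: a shell function that escapes a password for the KeyStorePassword, KeyManagerPassword, and TrustStorePassword fields, with a round-trip check. The function names are assumptions and the sample passwords are constructed.

```shell
#!/bin/sh
# Added example: XML-escape a keystore password for userKeystoreConfig.xml.
# Function names are assumptions for illustration; sample passwords are constructed.

# Escapes the five special characters. '&' must go first, otherwise the
# ampersands introduced by the other replacements would be escaped a second time.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Reverses xml_escape, as an XML parser does when it reads the field.
# Here '&amp;' must go last.
xml_unescape() {
    printf '%s' "$1" | sed -e 's/&quot;/"/g' -e "s/&apos;/'/g" -e 's/&lt;/</g' \
        -e 's/&gt;/>/g' -e 's/&amp;/\&/g'
}

# Wrong order, shown for contrast: escaping '&' last mangles entities already written.
xml_escape_wrong_order() {
    printf '%s' "$1" | sed -e 's/"/\&quot;/g' -e 's/&/\&amp;/g'
}

# Succeeds if the escaped form decodes back to exactly the original password.
roundtrips() {
    [ "$(xml_unescape "$(xml_escape "$1")")" = "$1" ]
}

for pw in 'abc"123' "abc'123" 'abc&"123' 'a<b>c' 'p&lt;w'; do
    if roundtrips "$pw"; then status=ok; else status=MISMATCH; fi
    printf '%-10s -> %-20s %s\n' "$pw" "$(xml_escape "$pw")" "$status"
done
```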