Installing a custom signed SSL certificate

Ops Center Administrator Getting Started Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99ADM000-20

You can log in using SSH to the Ops Center Administrator server to install a custom signed SSL certificate.

Because the current installation always searches for disk space under the “root” partition, you must ensure that you have a partition with free space available. You cannot install Ops Center Administrator in a customized location.
  1. Log in using SSH to the Ops Center Administrator server.
  2. Get the server.key file from the container:
    podman cp $(podman ps --format "{{.ID}} {{.Image}}" -a | grep "rdocker:6000/rainier-infra-proxy" | awk '{ print $1 }'):/etc/nginx/certificates/server.key /tmp
  3. Navigate to the /tmp folder and run the following command to create the server.csr file:
    • The following example is for a certificate using RSA as the signature algorithm:
      # openssl req -new -newkey rsa:2048 -keyout server.key -out server.csr -nodes
    • The following example is for a certificate using ECDSA as the signature algorithm:
      # openssl req -new -newkey ec:<(openssl ecparam -name secp384r1) -keyout server.key -out server.csr -nodes
  4. Send the server.csr file to the certification authority to get the server.crt file.
  5. Open a browser and enter the following URL in the address bar:
    https://ip-address:port/vam

    where:

    • ip-address is the IP address of the Ops Center Administrator server.
    • port is the port number of the Ops Center Administrator. The default port number is 443 or 20961.

    The default login credentials are sysadmin/sysadmin

  6. Click Certificate Settings.
    1. Copy the server.crt (from Step 4) content into the CERTIFICATE area.
    2. Copy the server.key content into the PRIVATE KEY area.
  7. Click Submit and wait for five minutes.
  8. Launch the Ops Center Administrator UI and verify the SSL certificate from your browser.