Jump to content

ESMC with SSL-Certificat


sag
 Share

Recommended Posts

Hallo zusammen,
ich möchte folgendes umsetzen.
Mein ESMC ist eine virtuelle Appliance-VM (CentOS).
Hier möchte ich das Zertifikat gegen ein Windows CA Zertifikat austauschen.
Ich habe die folgende Seite bereits durchgearbeitet.
https://support.eset.com/kb6721/?locale=en_US&viewlocale=en_US

Ich habe meine PFX anhand dieser Seite generiert.

https://www.medic-daniel.de/linux/2014/10/centos-ssl-zertifikate-aus-eine-microsoft-ca-anfordern-und-im-apache-einbinden

Anschließend wurde diese PFX gemäß den Anweisungen abgelegt.

Das selbstsignierte Zertifikat wird jedoch immer wieder angezeigt.

Hat das hier schon jemand umgesetzt.

Vielen Dank für das Lesen.

VG
SAY

eset-forum-1.jpg

 

Machine translation:

I would like to implement the following.
My ESMC is a virtual appliance VM (CentOS).
Here I would like to exchange the certificate for a Windows CA certificate.
I have already worked through the following page.
https://support.eset.com/kb6721/?locale=en_US&viewlocale=en_US

I generated my PFX based on this page.

https://www.medic-daniel.de/linux/2014/10/centos-ssl-zertifikate-aus-eine-microsoft-ca-anfordern-und-im-apache-einbinden

Subsequently, this PFX was filed according to the instructions.

However, the self-signed certificate is displayed again and again.

Has anyone implemented this?

Edited by Marcos
Machine translation added
Link to comment
Share on other sites

  • ESET Staff

Unfortunately I am not able to provide answer in german, but I will provide required steps to replace certificate in ESMC appliance to verify that nothing was missed. Link you provided provides steps to install custom certificate into Apache HTTP Server, which is used as HTTP proxy -> you have to change configuration of Apache Tomcat instead.

Technically you have to:

  1. obtain your new certificate. Either in Java keystore format or possibly in PFX format (this was not tested)
  2. Locate proper section of Apache Tomcat configuration file /etc/tomcat/server.xml. You have to find section that looks like this:
    <Connector port="8443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_RSA_WITH_AES_256_CBC_SHA"
               keystoreFile="/etc/tomcat/.keystore"
               keystorePass="thisissomerandompassword"
               keyAlias="tomcat"
               />
  3. You have to adapt configuration to use your custom certificate. For this purpose, parameters keystoreFile, keystorePass and keyAlias are used. In case PFX certificate is used, you will have to use keystoreType="PKCS12" instead of keyAlias.
Link to comment
Share on other sites

Hello Martin,
thanks for the information. The problem is solved. I had my own connector created with port 443.
I did not know that in the IPTable a port forwarding on 8443 was set up.

Thanks for your information ..

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...