ESMC with SSL Certificate

Hello everyone,
I would like to implement the following.
My ESMC is a virtual appliance VM (CentOS).
Here I would like to replace the certificate with a Windows CA certificate.
I have already worked through the following page.
https://support.eset.com/kb6721/?locale=en_US&viewlocale=en_US

I generated my PFX based on this page.

https://www.medic-daniel.de/linux/2014/10/centos-ssl-zertifikate-aus-eine-microsoft-ca-anfordern-und-im-apache-einbinden

I then stored this PFX according to the instructions.

However, the self-signed certificate keeps being displayed.

Has anyone already implemented this?

Thank you for reading.

Regards,
SAY

  • ESET Staff

Unfortunately, I am not able to provide an answer in German, but I will provide the required steps to replace the certificate in the ESMC appliance to verify that nothing was missed. The link you provided gives steps to install a custom certificate into Apache HTTP Server, which is used as an HTTP proxy, so you have to change the configuration of Apache Tomcat instead.

Technically you have to:

  1. Obtain your new certificate, either in Java keystore format or possibly in PFX format (this was not tested).
  2. Locate the proper section of the Apache Tomcat configuration file /etc/tomcat/server.xml. You have to find the section that looks like this:
    <Connector port="8443"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_RSA_WITH_AES_256_CBC_SHA"
               keystoreFile="/etc/tomcat/.keystore"
               keystorePass="thisissomerandompassword"
               keyAlias="tomcat"
               />
  3. You have to adapt the configuration to use your custom certificate. For this purpose, the parameters keystoreFile, keystorePass and keyAlias are used. In case a PFX certificate is used, you will have to use keystoreType="PKCS12" instead of keyAlias.

Hello Martin,
thanks for the information. The problem is solved. I had created my own connector with port 443.
I did not know that port forwarding on 8443 was set up in iptables.

Thanks for your information.

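As an added example (not part of the original thread and not ESET's own tooling), the following check lists every TLS-enabled Connector in a Tomcat server.xml and flags the two problems that came up here: a connector that is not on the port client traffic is forwarded to, and a PFX keystore configured without keystoreType="PKCS12". The sample XML, the custom.pfx path and the function name are constructed for illustration; the forwarded port 8443 is taken from the thread and should be confirmed on the host.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the appliance's connector on 8443 plus an extra
# hand-added connector on 443, as described by the original poster.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/tomcat/.keystore"
               keystorePass="placeholder-password" keyAlias="tomcat"/>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/tomcat/custom.pfx"
               keystorePass="placeholder-password"/>
  </Service>
</Server>
"""

PKCS12_SUFFIXES = (".pfx", ".p12")


def audit_connectors(server_xml, forwarded_port=8443):
    """Return one finding dict per TLS-enabled <Connector>.

    forwarded_port is the port that actually receives client traffic
    (8443 in this thread, because of the iptables forwarding rule).
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no certificate
        port = int(conn.get("port", "0"))
        keystore = conn.get("keystoreFile", "")
        # Assumption: JKS is used when keystoreType is not set.
        ks_type = conn.get("keystoreType", "JKS")
        issues = []
        if port != forwarded_port:
            issues.append("not on forwarded port %d" % forwarded_port)
        if keystore.lower().endswith(PKCS12_SUFFIXES) and ks_type.upper() != "PKCS12":
            issues.append('PFX keystore without keystoreType="PKCS12"')
        findings.append({"port": port, "keystore": keystore, "type": ks_type,
                         "serves_clients": port == forwarded_port,
                         "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f["port"], f["keystore"], f["type"], f["issues"] or "ok")
```

On the appliance, pass the contents of /etc/tomcat/server.xml instead of the sample; the connector reported with serves_clients set to True is the one whose keystore the browser will see.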