Replacing the Server Certificate
For security purposes, you may want to use a Secure Sockets Layer (SSL) certificate issued by a third-party certification authority. The Agent allows you to replace the authentication certificate and private key file, as long as you provide the authentication certificate and its private-public key pair. The new certificate takes effect only after the Agent is restarted, so you are advised to update the certificate during off-peak hours.
Prerequisites
- You have obtained a username and its password for logging in to the management console.
- The username and password for logging in to a server have been obtained.
- New certificates in the X.509v3 format have been obtained.
Context
- The client is pre-deployed with the Agent CA certificate bcmagentca, the private key file of the CA certificate server.key (the default protection password of this file is BCM@DataProtect123), and the authentication certificate server.crt. All these files are saved in /home/rdadmin/Agent/bin/nginx/conf (on Linux) or \bin\nginx\conf (on Windows).
- You need to restart the Agent after replacing a certificate to make the certificate effective.
Procedure (Linux)
- Log in to the Linux server on which the Agent is installed.
- Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.
After the preceding command is executed, the system remains running even when no operation is performed, which results in security risks. For security purposes, run the exit command to exit the system after you finish performing operations.
- Run the su - rdadmin command to switch to user rdadmin.
- Run the cd /home/rdadmin/Agent/bin command to go to the script save path.
The installation path of the Agent is /home/rdadmin/Agent.
- Run the sh agent_stop.sh command to stop the Agent.
- Place the new certificates and private key files in the specified directory.
Place new certificates in the /home/rdadmin/Agent/bin/nginx/conf directory.
- Run the /home/rdadmin/Agent/bin/agentcli chgkey command.
Information similar to the following information is displayed:
Enter password of admin:
admin is the username configured during the Agent installation.
- Type the login password of the Agent and press Enter.
Information similar to the following information is displayed:
Change certificate file name:
- Enter a name for the new certificate and press Enter.
If the private key and the certificate are the same file, names of the private key and the certificate are identical.
Information similar to the following information is displayed:
Change certificate key file name:
- Enter a name for the new private key file and press Enter.
Information similar to the following information is displayed:
Enter new password:
Enter the new password again:
- Enter the protection password of the private key file twice. The certificate is then successfully replaced.
- Run the sh agent_start.sh command to start the Agent.
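A pre-flight check that can be run on the new files before they are handed to agentcli chgkey, confirming the X.509v3 prerequisite and that the private key belongs to the certificate. This is an added example, not part of the product documentation or the Agent's own tooling. It assumes the openssl command is installed, that both files are PEM-encoded, that an unencrypted key should be rejected because the procedure asks for a protection password, and that KEYPASS (a variable name chosen here) holds that password.

```shell
#!/bin/sh
# Added example: pre-flight checks for a replacement Agent certificate.
# Usage: KEYPASS='<key protection password>' sh precheck.sh new.crt new.key
# KEYPASS is a variable name chosen for this script, read via -passin env:
# so the password never appears on a command line.

# Succeeds if the file parses as a certificate of X.509 version 3.
cert_is_v3() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'Version: 3 (0x2)'
}

# Succeeds if the certificate's notAfter date has not passed yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeeds if the PEM key is encrypted (PKCS#8 or traditional format).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null
}

# Succeeds if KEYPASS opens the key and its public half equals the
# public key embedded in the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEYPASS -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs every check, reports each failure, returns non-zero if any failed.
precheck() {
    rc=0
    cert_is_v3 "$1" || { echo "FAIL: $1 is not an X.509v3 certificate"; rc=1; }
    cert_not_expired "$1" || { echo "FAIL: $1 has expired or cannot be read"; rc=1; }
    key_is_encrypted "$2" || { echo "FAIL: $2 has no protection password"; rc=1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 does not match $1, or KEYPASS is wrong"; rc=1; }
    return "$rc"
}

# Run only when called with the two file names.
if [ "$#" -eq 2 ]; then
    precheck "$1" "$2" && echo "OK: files are ready for agentcli chgkey"
fi
```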
Procedure (Windows)
- Log in to the Windows server on which the Agent is installed.
- Open the CLI and go to the installation path\bin directory.
- Run the agent_stop.bat command to stop the Agent.
- Place the new certificates and private key files in the specified directory.
Place new certificates in the installation path\bin\nginx\conf directory.
- Run the agentcli.exe chgkey command.
Information similar to the following information is displayed:
Enter password of admin:
admin is the username configured during the Agent installation.
- Enter a name for the new certificate and press Enter.
If the private key and the certificate are the same file, names of the private key and the certificate are identical.
Information similar to the following information is displayed:
Change certificate key file name:
- Enter a name for the new private key file and press Enter.
Information similar to the following information is displayed:
Enter new password:
Enter the new password again:
- Enter the protection password of the private key file twice. The certificate is then successfully replaced.
- Run the agent_start.bat command to start the Agent.