Updated on 2022-02-22 GMT+08:00

Replacing CA Certificates

Scenarios

A CA certificate is a digital file signed and issued by an authentication authority. It contains the public key, information about the owner of the public key, information about the issuer, validity period, and certain extension information. It is used to set up a secure information transfer channel between the Agent and the server.

If the CA certificate does not comply with the security requirements or has expired, replace it for security purposes.

Prerequisites

  • The username and password for logging in to an ECS have been obtained.
  • A new CA certificate is ready.

Procedure (Linux)

  1. Log in the Linux server with the Agent installed.
  2. Run the following command to disable user logout upon system timeout:

    TMOUT=0

  3. Run the following command to switch to user rdadmin:

    su - rdadmin

  4. Run the following command to go to the path to the Agent start/stop script:

    cd /home/rdadmin/Agent/bin

  5. Run the following command to stop the Agent:

    sh agent_stop.sh

  6. Run the following command to go to the path to the CA certificate:

    cd /home/rdadmin/Agent/bin/nginx/conf

  7. Run the following command to delete the existing CA certificate:

    rm bcmagentca.crt

  8. Copy the new CA certificate file into the /home/rdadmin/Agent/bin/nginx/conf directory and rename the file bcmagentca.crt.
  9. Run the following commands to change the owner of the CA certificate:

    chown rdadmin:rdadmin bcmagentca.crt

  10. Run the following command to modify the permissions on the CA certificate:

    chmod 400 bcmagentca.crt

  11. Run the following command to go to the path to the Agent start/stop script:

    cd /home/rdadmin/Agent/bin

  12. Run the following command to start the Agent:

    sh agent_start.sh

Procedure (Windows)

  1. Log in to the ECS with the Agent installed.
  2. Go to the Installation path\bin directory.
  3. Run the agent_stop.bat script to stop the Agent.
  4. Go to the Installation path\nginx\conf directory.
  5. Delete the bcmagentca.crt certificate file.
  6. Copy the new CA certificate file into the Installation path\nginx\conf directory and rename the file bcmagentca.crt.
  7. Go to the Installation path\bin directory.
  8. Run the agent_stop.bat script to service.