Updated on 2022-08-16 GMT+08:00

Replacing the Server Certificate

For security purposes, you may want to use a Secure Sockets Layer (SSL) certificate issued by a third-party certification authority. The Agent allows you to replace its authentication certificates and private key files, provided that you supply the new authentication certificates and private-public key pairs. The new certificate takes effect only after the Agent is restarted, so you are advised to update the certificate during off-peak hours.

Prerequisites

  • You have obtained a username and its password for logging in to the management console.
  • The username and password for logging in to a server have been obtained.
  • New certificates in the X.509v3 format have been obtained.

Context

  • The Agent is pre-deployed with the Agent CA certificate bcmagentca, private key file of the CA certificate server.key, and authentication certificate server.crt. All these files are saved in /home/rdadmin/Agent/bin/nginx/conf (if you use Linux) or \bin\nginx\conf (if you use Windows).
  • You need to restart the Agent after replacing a certificate to make the certificate effective.

Procedure (Linux)

  1. Log in to the Linux server with the Agent installed.
  2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

    After the preceding command is executed, the session stays logged in even when no operation is performed, which poses a security risk. For security purposes, run the exit command to log out after you finish performing operations.

  3. Run the su - rdadmin command to switch to user rdadmin.
  4. Run the cd /home/rdadmin/Agent/bin command to go to the script path.

    The installation path of the Agent is /home/rdadmin/Agent.

  5. Run the sh agent_stop.sh command to stop the Agent.
  6. Place the new certificates and private key files in the specified directory.

    Place new certificates in the /home/rdadmin/Agent/bin/nginx/conf directory.

  7. Run the /home/rdadmin/Agent/bin/agentcli chgkey command.

    The following information is displayed:

    Enter password of admin:

    admin is the username configured during the Agent installation.

  8. Type the login password of the Agent and press Enter.

    The following information is displayed:

    Change certificate file name:

  9. Enter a name for the new certificate and press Enter.

    If the private key and the certificate are in the same file, the names of the private key file and the certificate file are identical.

    The following information is displayed:

    Change certificate key file name: 

  10. Enter a name for the new private key file and press Enter.

    The following information is displayed:

    Enter new password: 
    Enter the new password again:

  11. Enter the protection password of the private key file twice. The certificate is then successfully replaced.
  12. Run the sh agent_start.sh command to start the Agent.
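
Because the new certificate only takes effect after a restart, it helps to validate the certificate and key pair before step 7. The following pre-flight check is an added example, not part of the Agent or its documentation; the function name check_cert_pair, the KEY_PASSPHRASE variable and the 30-day expiry margin are assumptions.

```shell
#!/bin/sh
# Added example (not part of the Agent): validate a replacement certificate
# and private key before running "agentcli chgkey".
# Assumptions: the function name, the optional KEY_PASSPHRASE variable
# (passphrase of an encrypted key) and the 30-day expiry margin.
#
# check_cert_pair CERT KEY -> 0 if usable, otherwise:
#   1 file unreadable        2 not a parsable X.509 v3 certificate
#   3 expires within 30 days 4 private key unreadable / wrong passphrase
#   5 private key does not belong to the certificate
check_cert_pair() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 1

    # A v3 certificate prints "Version: 3 (0x2)" in its text form.
    openssl x509 -in "$cert" -noout -text 2>/dev/null \
        | grep -q 'Version: 3 ' || return 2

    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) \
        >/dev/null 2>&1 || return 3

    # Derive the public key from the private key. The passphrase is passed
    # through the environment so it never appears in the process list, and
    # -passin stops openssl from prompting when the key is encrypted.
    key_pub=$(CHECK_KEY_PASS=${KEY_PASSPHRASE:-} openssl pkey -in "$key" \
        -pubout -passin env:CHECK_KEY_PASS 2>/dev/null) || return 4

    # The public key embedded in the certificate must be the same one.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || return 5
    return 0
}

# Usage with constructed file names, run from the nginx/conf directory:
#   check_cert_pair new_server.crt new_server.key || echo "do not install: $?"
```

A non-zero result before the chgkey step means the Agent would be restarted with an unusable certificate, so fix the files first.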

Procedure (Windows)

  1. Log in to the Windows server with the Agent installed.
  2. Open the CLI and go to the installation path\bin directory.
  3. Run the agent_stop.bat command to stop the Agent.
  4. Place the new certificates and private key files in the specified directory.

    Place new certificates in the installation path\bin\nginx\conf directory.

  5. Run the agentcli.exe chgkey command.

    The following information is displayed:

    Enter password of admin: 

    admin is the username configured during the Agent installation.

  6. Enter a name for the new certificate and press Enter.

    If the private key and the certificate are in the same file, the names of the private key file and the certificate file are identical.

    The following information is displayed:

    Change certificate key file name:

  7. Enter a name for the new private key file and press Enter.

    The following information is displayed:

    Enter new password: 
    Enter the new password again: 

  8. Enter the protection password of the private key file twice. The certificate is then successfully replaced.
  9. Run the agent_start.bat command to start the Agent.