Symantec IGA

  • 1.  Provisioning and connector server certificates update

    Posted Aug 26, 2019 02:49 AM
    Hello,
    We need to replace the native certificates related to the following ports with ones created by our enterprise certification authority:
    20390, 20411, 20404, 22002, 20443, 20394, 20396, 20391, 20404.

    I read the following documentation, suggested in another request:
    Replace Native Certificates with SHA-2 Signed SSL Certificates

    We already have a certificate pfx file generated by our enterprise certification authority with the servername.subdomain.domain as CN, the private key and the certificate chain from our certification authority.

    What are the requirements to create the pem certificates and keys? Could we use openssl with the pkcs12 parameter?
    Do we need to have a certificate with the same CN (eta_server, eta_client, provisioning services, etc.) or can we use a different name, for example the servername as CN?
    Can the eta_client and eta_server certificates be the same one?
    Do we need to delete and import the certificates in the java (connector/provisioning/im) keystores with the same alias, or can we add new certificates with a different alias?

    Thanks.


  • 2.  RE: Provisioning and connector server certificates update

    Broadcom Employee
    Posted Aug 27, 2019 10:07 AM
    Does anyone have any more suggestions for Davide? Thank you all!

    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer
    Enterprise Software Division
    Broadcom Inc.
    ------------------------------



  • 3.  RE: Provisioning and connector server certificates update
    Best Answer

    Posted Aug 28, 2019 02:53 AM
    Hi Davide,

    We are also using the certificates from my enterprise certificate authority.
    Yes, we are using openssl with the pkcs12 parameter.
    For the certificate, CN eta_server, but please do add a subject alternative name with your server name, else with the new version it will give you an error for certificate name mismatch.
    The same goes for the other certificate, eta_client: please add a subject alternative name with your server name.
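
The conversion and the SAN check discussed in the reply above, as an added example that is not part of the original posts or the vendor KB article. It builds a throwaway self-signed PFX as a stand-in for the enterprise CA file; the host name `idm01.example.test`, the password and all file names are constructed.

```shell
#!/usr/bin/env bash
# Added example. Host name, password and file names are constructed.
export PFX_PASS='changeit'   # read via env: so the password stays off the command line

# Stand-in for the enterprise-CA PFX in dir $1: self-signed, CN=$2, SAN DNS name=$3.
make_sample_pfx() {
  cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
subjectAltName = DNS:$3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
    -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/sample.key" -in "$1/sample.crt" \
    -passout env:PFX_PASS -out "$1/sample.pfx"
}

# Split PFX $1 into leaf certificate, CA chain and unencrypted key under dir $2.
# umask 077 keeps the extracted key readable by the owner only.
split_pfx() {
  ( umask 077
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys -out "$2/cert.pem" &&
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -cacerts -nokeys -out "$2/chain.pem" &&
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$2/key.pem" ) 2>/dev/null
}

# True when certificate $1 lists DNS name $2 among its subject alternative names.
cert_has_san() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n 1 | tr ',' '\n' | tr -d ' ' | grep -Fxq "DNS:$2"
}

# True when private key $2 belongs to certificate $1 (public keys are identical).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d)
make_sample_pfx "$work" eta_server idm01.example.test && split_pfx "$work/sample.pfx" "$work" &&
  cert_has_san "$work/cert.pem" idm01.example.test &&
  key_matches_cert "$work/cert.pem" "$work/key.pem" && echo "PEM files ready"
rm -rf "$work"
```

With a real PFX, skip `make_sample_pfx`, set `PFX_PASS` to the file's import password, and run the two checks against the extracted `cert.pem` before installing it.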



  • 4.  RE: Provisioning and connector server certificates update

    Posted Aug 28, 2019 09:10 AM
    Thank you very much for the answer.
    We're going to request and set the new certificate following your suggestions.
    Did you follow any kb article that describes the replacement step by step?
    Regards


  • 5.  RE: Provisioning and connector server certificates update

    Posted Aug 28, 2019 11:49 AM
    Edited by bhanu sudheer Aug 28, 2019 11:49 AM
    Hi Davide,

    Mostly we follow the KB article; just in place we used my certificate authority certificates.