Layer 7 Identity Management


Provisioning and connector server certificates update

  • 1.  Provisioning and connector server certificates update

    Posted 22 days ago
    Hello,
    we need to replace the native certificates related to the following ports with ones created by our enterprise certification authority:
    20390, 20411, 20404, 22002, 20443, 20394, 20396, 20391, 20404.

    I read the following documentation, suggested in another request:
    Replace Native Certificates with SHA-2 Signed SSL Certificates

    We already have a certificate pfx file generated by our enterprise certification authority with the servername.subdomain.domain as CN, the private key and the certificate chain from our certification authority.

    What are the requirements to create the pem certificates and keys? Could we use openssl with the pkcs12 parameter?
    Do we need to have a certificate with the same CN (eta_server, eta_client, provisioning services, etc.) or can we use a different name, for example the servername as CN?
    Can the eta_client and eta_server certificates be the same one?
    Do we need to delete and import the certificates in the Java (connector/provisioning/im) keystores with the same alias, or can we add new certificates with a different alias?

    Thanks.


  • 2.  RE: Provisioning and connector server certificates update

    Posted 21 days ago
    Does anyone have any more suggestions for Davide? Thank you all!

    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer
    Enterprise Software Division
    Broadcom Inc.
    ------------------------------



  • 3.  RE: Provisioning and connector server certificates update
    Best Answer

    Posted 20 days ago
    Hi Davide,

    We are also using the certificates from my enterprise certificate authority.
    Yes, we are using openssl with the pkcs12 parameter.
    For the certificate CN: eta_server, but please do add the subject alternative name as your server name, else with the new version it will give you an error for certificate name mismatch.
    The same goes for the other certificate, eta_client; please add the subject alternative name as your server name.
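
The steps described in the answer above (openssl with pkcs12, CN eta_server plus a subject alternative name for the server name), as an added example that is not part of the original posts or the KB article: it splits a PFX into PEM files, then checks the SAN entry and that the key matches the certificate before anything is deployed. The sample PFX, its password, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or the KB article); names are hypothetical.
umask 077   # the extracted private key is unencrypted: owner-only files

# Build a throwaway self-signed PFX (constructed sample input, runs offline).
make_sample_pfx() {  # <dir> <CN> <SAN DNS name>; password read from $PFX_PASS
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$3" \
    -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
    -passout env:PFX_PASS -out "$1/sample.pfx"
}

# Split a PFX into chain.pem, key.pem and cert.pem under <outdir>.
# The password comes from the environment, not from command-line arguments.
pfx_to_pem() {  # <file.pfx> <outdir>
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -cacerts -nokeys \
    -out "$2/chain.pem" 2>/dev/null
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -out "$2/key.pem" &&
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
    openssl x509 -out "$2/cert.pem"
}

# Succeeds only if the certificate lists DNS:<name> in subjectAltName.
cert_has_san() {  # <cert.pem> <dns name>
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n1 | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# Succeeds only if the private key and the certificate share a public key.
key_matches_cert() {  # <key.pem> <cert.pem>
  [ "$(openssl pkey -in "$1" -pubout)" = \
    "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Demo on the constructed sample: CN eta_server, SAN = server name.
export PFX_PASS='constructed-sample-password'
work=$(mktemp -d)
make_sample_pfx "$work" eta_server servername.subdomain.domain
pfx_to_pem "$work/sample.pfx" "$work"
cert_has_san "$work/cert.pem" servername.subdomain.domain && echo "SAN ok"
key_matches_cert "$work/key.pem" "$work/cert.pem" && echo "key matches cert"
rm -rf "$work"
```

For a real PFX, set PFX_PASS to its password and call only pfx_to_pem and the two checks; remove key.pem once it has been installed.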



  • 4.  RE: Provisioning and connector server certificates update

    Posted 20 days ago
    Thank you very much for the answer.
    We're going to request and set the new certificate following your suggestions.
    Did you follow any KB article that describes the replacement step by step?
    Regards


  • 5.  RE: Provisioning and connector server certificates update

    Posted 20 days ago
    Edited by bhanu sudheer 20 days ago
    Hi Davide,

    Mostly we follow the KB article, just in place we used my certificate authority certificates.