AZT SSL Certificate Generation + Application (AWS)

Modified on Tue, 4 Nov at 3:32 PM


Overview

Use the directions below to generate an SSL Certificate for a Trustcenter hosted in AWS.


Generate a Certificate Signing Request

  1. Login to the Trustcenter Console.
  2. Open a Terminal and escalate to the root user.
    sudo su -
  3. Generate a Private Key and Certificate Signing Request.
    openssl req -newkey rsa:4096 -keyout <FQDN>.key -out <FQDN>.csr

    # Example
    openssl req -newkey rsa:4096 -keyout tc.ariacybersecurity.com.key -out tc.ariacybersecurity.com.csr
  4. Move the Private key to the correct directory.
    mv <FQDN>.key /etc/ssl/private/
  5. Copy the Private Key and CSR off the Trustcenter and save to a safe location.
  6. Use the CSR to request an SSL certificate from a Certificate Authority (CA).
    The top-ranking CAs are listed in the Providers section of the CA wiki.
    https://en.wikipedia.org/wiki/Certificate_authority
  7. Once an SSL certificate is received, move to the next section for applying on the Trustcenter.


Apply an SSL Certificate

  1. Login to the Trustcenter UI and navigate to Settings > System Settings > General.
  2. Enable the SSH service. Click Apply Now.
  3. Secure copy the SSL certificate ZIP to the Trustcenter.
    scp SSL.zip <user>@trustcenter:/home/user/
  4. SSH to the Trustcenter as the user created during post-install and elevate to the root user.
    ssh <user>@trustcenter
    $ sudo su -
    [sudo] password for user:
    root@aria-azt-trustcenter:~#
  5. Move the SSL zip to the root directory and unzip it.
    mv /home/user/SSL.zip /root
    unzip SSL.zip
  6. Unload the Self-Protect Agent.
    rmmod AztAgent
  7. Create the SSL directory and move/copy SSL contents to it.
    mkdir /trustcenter/ca/thirdparty
    mv XXXXX.pem /trustcenter/ca/thirdparty/server.pem
    mv <intermediate/ca bundle> /trustcenter/ca/thirdparty/ca-chain.pem
    cp /etc/ssl/private/<FQDN>.key /trustcenter/ca/thirdparty/server.key
  8. Create a passwords.txt and add the Private key passphrase to it.
    echo '<passphrase>' > /trustcenter/ca/thirdparty/passwords.txt
  9. Update permissions.
    chmod 770 /trustcenter/ca/thirdparty
    chmod 770 /trustcenter/ca/thirdparty/*
  10. Restart the Trustcenter UI container.
    docker restart trustcenter-proxy-1
  11. Reload the Self-Protect Agent.
    modprobe AztAgent
  12. Navigate to the Trustcenter UI and confirm the SSL certificate is in place. 
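
A pre-flight check for the files placed in /trustcenter/ca/thirdparty, meant to be run after step 9 and before the container restart in step 10. It is an added example, not part of the vendor's procedure; the file names come from the steps above, the function names are hypothetical, and it assumes the same openssl binary used to create the CSR.

```sh
#!/bin/sh
# Added example (not vendor code). File names are the page's; function names
# are hypothetical. Run as root before restarting trustcenter-proxy-1.

# SHA-256 of the public key embedded in a certificate.
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256
}

# SHA-256 of the public key derived from a private key ($1), unlocked with the
# first line of the passphrase file ($2). Fails on a wrong passphrase.
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256
}

# Return 0 only if every file is present, the passphrase unlocks the key,
# the certificate was issued for that key, and it is not about to expire.
check_tls_dir() {
    dir=$1
    for f in server.pem ca-chain.pem server.key passwords.txt; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    key_hash=$(key_pubkey_hash "$dir/server.key" "$dir/passwords.txt") || {
        echo "passwords.txt does not unlock server.key" >&2; return 2; }
    cert_hash=$(cert_pubkey_hash "$dir/server.pem") || {
        echo "server.pem is not a readable certificate" >&2; return 3; }
    [ "$key_hash" = "$cert_hash" ] || {
        echo "server.pem was not issued for server.key" >&2; return 4; }
    openssl x509 -in "$dir/server.pem" -noout -checkend 86400 >/dev/null || {
        echo "server.pem expires within 24 hours" >&2; return 5; }
    echo "OK: certificate, key and passphrase agree"
}

# Usage: sh check_tls.sh /trustcenter/ca/thirdparty
if [ "$#" -gt 0 ]; then check_tls_dir "$1"; fi
```

A non-zero exit code identifies which file to fix before the proxy container is restarted.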

