Juniper STRM 2008.2 - TECHNICAL NOTE USING A TRUSTED CERTIFICATE 6-2008 Using page 2

2
Replacing the
Untrusted SSL
Certificate
Step 1
Step 2
Step 3
Step 4
Release 2008.2
You can replace the untrusted SSL certificate provided with your STRM or STRM
Log Management with a certificate issued by a trusted third-party certifying
authority.
Note: You cannot replace the provided certificate with another untrusted
(self-signed) certificate.
Note: SSL certificates issued from VeriSign require an intermediate certificate.
You must download the intermediate certificate from VeriSign and use it during the
configuration.
To replace the SSL certificate on your Console:
Obtain a trusted certificate from your certificate authority.
Note: Make sure the Administration Console is closed while performing the below
procedure.
Log in to your system, as root.
Copy the obtained certificates to your system:
cd <directory>
cp <private key filename> /etc/httpd/conf/certs/cert.key
cp <public key filename> /etc/httpd/conf/certs/cert.cert
Where:
indicates the directory used to generate the certificate.
<directory>
<private key filename>
key file must be named cert.key.
<public key filename>
key file must be named cert.cert.
If you require an intermediate certificate:
Note: Make sure the Administration Console is closed while performing the below
procedure.
Obtain the intermediate certificate from your certificate authority.
a
Copy the certificate to the following:
b
/etc/httpd/conf/certs/intermediate.ctr
Open the following file:
c
/etc/httpd/conf.d/ssl.conf
Locate the following line:
d
#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.ctr
Replace the line with the following:
e
SSLCACertificateFile /etc/httpd/conf/certs/intermediate.ctr
Save and exit the file.
f
indicates the name of the private key file. The private
indicates the name of the public key file. The public