This document describes creating a self-signed SSL certificate for AirWave versions 7.2.4 and greaterThe easiest solution is to create another self-signed certificate for the server. Here are the steps for creating a self-signed certificate for example.airwave.com: ----------# sed s/"localhost.localdomain"/"example.airwave.com"/ /root/svn/mercury/lib/conf/openssl.cnf > /tmp/openssl.cnf# /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 1827 -out /etc/httpd/conf/ssl.crt/server.crt -config /tmp/openssl.cnf 2> /dev/null# cat /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.key/server.key > /etc/httpd/conf/ssl.pem # service httpd restart# service pound restart-----------A better solution is to get a certificate from a real Certificate Authority. That would get rid of those annoying "this certificate was issued by a company you have not chosen to trust" errors, and it would make the server a little bit more secure. The process for doing that is described in an article called "How to install your own cert on AMP". http://www.airwave.com/support/knowledge-base/?sid=50140000000agFCAlso we have seen issues with 2048 bit certificates. After applying the certificate the Pound did not restart (error on line 15, the Cert line ).So the reason may be that the generated CA certificate would be in binary format (rather than base64) and it fails to install.If the CA sent a certificate in binary format, We could save it to a windows machine and open it with the windows cert viewer then export it as a base64 cert, then reinstall it on the AMP.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.