Creating SSL Certificates for AMP in versions 7.2.4 and greater
This document describes how to create a self-signed SSL certificate for AirWave versions 7.2.4 and greater.
The easiest solution is to create another self-signed certificate for the server. Here are the steps for creating a self-signed certificate for example.airwave.com:
# sed s/"localhost.localdomain"/"example.airwave.com"/ /root/svn/mercury/lib/conf/openssl.cnf > /tmp/openssl.cnf
# /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 1827 -out /etc/httpd/conf/ssl.crt/server.crt -config /tmp/openssl.cnf 2> /dev/null
# cat /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.key/server.key > /etc/httpd/conf/ssl.pem
# service httpd restart
# service pound restart
A better solution is to get a certificate from a real Certificate Authority. That would get rid of those annoying "this certificate was issued by a company you have not chosen to trust" errors, and it would make the server a little bit more secure. The process for doing that is described in an article called "How to install your own cert on AMP".
We have also seen issues with 2048-bit certificates. After applying the certificate, Pound did not restart (error on line 15, the Cert line).
The reason may be that the generated CA certificate is in binary format (rather than base64), so it fails to install.
If the CA sent a certificate in binary format, you can save it to a Windows machine, open it with the Windows certificate viewer, export it as a base64 certificate, and then reinstall it on the AMP.
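The binary-versus-base64 check and the conversion can also be done on the AMP itself with openssl. The following is an added example, not part of the original article; the function names cert_format and cert_to_pem and the file names passed to them are assumptions.

```shell
#!/bin/sh
# Added example (not AirWave code): classify a certificate file as PEM
# (base64 text) or DER (binary), and convert DER to PEM with openssl.

# Print "pem", "der" or "unknown" for the file given as $1.
cert_format() {
    # PEM files carry the base64 body between BEGIN/END CERTIFICATE lines.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# Write a PEM (base64) copy of certificate $1 to $2.
# Returns non-zero if $1 is neither PEM nor DER, or if openssl cannot
# parse it as an X.509 certificate (for example a PKCS#7 bundle).
cert_to_pem() {
    case "$(cert_format "$1")" in
        pem) openssl x509 -in "$1" -out "$2" ;;
        der) openssl x509 -inform der -in "$1" -out "$2" ;;
        *)   echo "$1: not a PEM or DER certificate" >&2
             return 1 ;;
    esac
}

# Usage (file names are placeholders):
#   cert_format /tmp/from-ca.cer
#   cert_to_pem /tmp/from-ca.cer /tmp/from-ca.crt
```

Use the PEM output of cert_to_pem as the certificate when rebuilding /etc/httpd/conf/ssl.pem, so that the Cert line in the Pound configuration points at base64 data.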