Requirement:
AMP : 8.2.4
SSL certificate with PKCS12 format with extension ".pfx" or ".p12"
The certificate should contain intermediate/signing CA cert, server cert and the private key.
We need the password used during the time of certificate conversion.
Note: We can use OpenSSL Commands to Convert SSL Certificates to above supported formats, please refer the following link for the Openssl commands,
https://www.sslshopper.com/ssl-converter.html
Solution:
Installing a valid SSL (Secure Sockets Layer) certificate on AMP 8.2.4.
Configuration:
Step 1: We need to make sure that the file format should be in PKCS12 with extension ".pfx" or ".p12". The file should contain both the private key and the certificate.
Step 2: Login into AMP CLI using ampadmin or similar credential. Choose option "1" from the menu to upload the certificate file.
Step 3: The file can be only uploaded to AirWave using a SCP Source.
For example : I have the certificate file stored in the FTP server (10.10.10.2) in /tmp/ directory. We need to execute the following command to download file from the FTP server to AMP.
SCP Source (user@host:path): root@10.10.10.2:/tmp/certificate.p12
Password:
Uploading root@10.17.164.201:/tmp/certificate.p12
certificate.p12 100%
Step 4: Once the file is uploaded successfully we can verify it in AMP by choosing option 2 "Download file" from the main menu.
Step 5: Now we need to select the option 9 (Security). In the Security menu we need to select 4 to ADD the SSL certificate.
Step 6: We select " ADD the SSL certificate" we will get a menu to choose the certificate as shown below:
Choose the certificate file.
(The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private key and the certificate.)
1 final_airwaveserver.p12 0 bytes 2017-06-07 23:17:44
2 certificate.p12 2,756 bytes 2017-06-07 09:15:38
c >> Cancel
Your choice:2
Step 7: Once after choosing the right file we will be prompted to enter the PKCS12 password as shown below. After we enter the correct password the certificate bundle will be extracted, we will get a prompt to restart the Web UI to install the certificate.
Choose the certificate file.
(The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private key and the certificate.)
1 certificate.pfx 0 bytes 2017-06-07 23:17:44
2 certificate.p12 2,756 bytes 2017-06-07 09:15:38
c >> Cancel
Your choice: 2
Enter PKCS12 password:
PKCS12 bundle extracted successfully.
Proceeding will restart the Web UI and access to it will be interrupted for a few minutes.
Are you sure? (y/n): y
SSL certificate copied into place.
Restarting web services...
Verification
We can verify the certificate installation using any browser chrome, IE, firefox etc by navigating to AirWave hostname and it should not show certificate warning. Provided root certificate is available in the system or browser store.