Environment
SLES 12
SLES 15
Situation
My commercial certificate used for Vibe is either expired or soon to expire. How can I update the commercial certificate information?
Cause
n/a
Resolution
NOTE: Before updating any Vibe server with this procedure, take a snapshot backup of the Vibe server if it is virtualized. If it is “bare metal”, at least back up the /opt/novell/teaming/apache-tomcat/conf/ directory before making any changes. Read this document completely before implementing it.
Updating Public Cert for Vibe
Note:
It is assumed that you have placed a copy of the new commercial certificate files, obtained from your commercial “Certificate Authority”, on your Linux Vibe server in the /root/Documents/certs/ directory. The directory should contain the new SERVER certificate file (“server.crt” in this document), the intermediate certificate file (“intermediate.crt”), and the private key file (“private.key”). Substitute your own file names as needed.
Note:
If this procedure is not done correctly, or if you used another procedure, there is a chance the Vibe server process will not start OR it will start but when you go to a browser and try to go to the Vibe website, you will not be able to reach a Vibe login page.
Vibe can import a PKCS#12 file into a .keystore. The following steps convert the components of a standard or wildcard certificate into that format and then put the result in place on the Vibe server.
Steps to Follow:
openssl rsa -in <private.key> -out <nopass.key>
(If prompted for pass phrase, enter the password used during private key creation)
Note: The key file should be the original private key that was used when creating the certificate signing request (CSR).
openssl pkcs12 -export -in <server.crt> -inkey <nopass.key> -out <keypair.p12> -name tomcat -certfile <intermediate.crt>
Note: Use the certificate files from step 1 to replace <server.crt> and <intermediate.crt>. Use your names as needed.
Note: If needed, add another -certfile option for each additional intermediate or root certificate.
Also, -certfile is not required if there is no other certificate chain file.
Note: Enter a password that will be used to import the PKCS#12 key pair.
4. Create the new .keystore file:
Note: “changeit” is a common password to use when creating the new “keypair.p12” certificate file for Vibe. Consider that .
/opt/novell/teaming/jre/bin/keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore .keystore_new -srckeystore keypair.p12 -srcstoretype PKCS12 -srcstorepass <pass phrase of keypair.p12> -alias tomcat
Note: changeit is the default keytool password.
mv .keystore_new /opt/novell/teaming/apache-tomcat/conf/
cd /opt/novell/teaming/apache-tomcat/conf/
Change the ownership and permissions of .keystore_new to match the existing .keystore:
chown --reference .keystore .keystore_new
chmod --reference .keystore .keystore_new
Test Keystore:
keytool -list -keystore .keystore
OR
keytool -list -keystore .keystore -storetype pkcs12
Back up the existing .keystore
mv .keystore .keystore_old
Rename the new .keystore
mv .keystore_new .keystore
systemctl stop vibe
systemctl start vibe
systemctl status vibe
NOTE: After you restart Vibe, give it about 10 minutes before trying to log in from the browser.
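A pre-flight check for the certificate files described above, as an added example that is not part of the original article: run before the "openssl pkcs12 -export" step, it confirms that the private key belongs to the server certificate, that the certificate is not about to expire, and that it verifies against the intermediate. The function names are hypothetical, the file names follow this document's examples, and the 30-day threshold is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before "openssl pkcs12 -export".
# Function names are hypothetical; file names follow the article's examples.

# True if the private key and the server certificate carry the same public key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_matches_cert() {        # $1 = nopass.key, $2 = server.crt
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the certificate is still valid $2 days from now (default 30, an assumption).
cert_valid_for_days() {     # $1 = server.crt, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# True if the server certificate verifies against the given intermediate.
# -partial_chain lets the intermediate act as trust anchor, so no root file is needed.
issued_by() {               # $1 = server.crt, $2 = intermediate.crt
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks, report each failure, return non-zero if any check fails.
preflight() {               # $1 = key, $2 = server cert, $3 = intermediate cert
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 is not the key for $2" >&2; rc=1; }
    cert_valid_for_days "$2" 30 || { echo "FAIL: $2 expires within 30 days" >&2; rc=1; }
    issued_by "$2" "$3" || { echo "FAIL: $2 does not verify against $3" >&2; rc=1; }
    return $rc
}

# Usage: sh preflight.sh nopass.key server.crt intermediate.crt
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A non-zero exit from preflight means the PKCS#12 file built from these inputs would carry a mismatched, expiring, or unchained certificate.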