Install Third-Party Certificate

Use the following procedure to install a third-party certificate on GigaVUE-FM:

1. Generate a certificate and a private key file in PEM format. Use the following command on Linux or in a Linux-like environment (such as Cygwin) to generate the files:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.pem -out certificate.pem

2. Copy the contents of the certificate file. You will use the contents in Step .

Note:  When you copy the contents, do not delete the EOL characters at the start of each line.

3. Log in to the GigaVUE-FM CLI.
4. Execute the following steps from the shell prompt as a root user (sudo):
Replace SSLCertificateFile: /etc/pki/tls/certs/localhost.crt

Note: For a chain of certificates, bundle the server, intermediate, and root certificates into a single certificate file before replacing localhost.crt.

Replace SSLCertificateKeyFile: /etc/pki/tls/private/localhost.key
Provide access to the certificate: chmod 644 /etc/pki/tls/certs/localhost.crt
Provide access to the key: chmod 600 /etc/pki/tls/private/localhost.key

Note: For a chain of certificates, add the SSLCertificateChainFile directive to /etc/httpd/conf.d/ssl.conf:
sudo vim /etc/httpd/conf.d/ssl.conf
Add the following line:
SSLCertificateChainFile /etc/pki/tls/certs/localhost.crt

Restart Apache as root: systemctl restart httpd

The system will now start using the newly installed certificate.
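The following script is an added example, not part of the GigaVUE-FM documentation. It checks the files replaced in step 4 (key match, expiry, file modes, bundle order) and can be run before restarting httpd. The function names are illustrative; it assumes the openssl CLI and GNU stat are available.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): checks to run before "systemctl restart httpd".
# Function names are illustrative; openssl, stat and grep are the only tools used.

# True when the FIRST certificate in $1 carries the public key of private key $2.
# openssl x509 reads only the first PEM block, so on a bundle this also confirms
# that the server certificate precedes the intermediate and root certificates.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when file $1 has exactly the octal mode $2 (GNU stat).
has_mode() { [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]; }

# Number of certificates in a PEM file (1 = single cert, >1 = bundled chain).
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true; }

# Run all checks; print each failure and return non-zero if any check fails.
verify_install() {
    local crt=$1 key=$2 rc=0
    cert_matches_key "$crt" "$key" || { echo "FAIL: first cert in $crt does not match $key"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || { echo "FAIL: $crt expired or unreadable"; rc=1; }
    has_mode "$crt" 644 || { echo "FAIL: $crt is not mode 644"; rc=1; }
    has_mode "$key" 600 || { echo "FAIL: $key is not mode 600"; rc=1; }
    echo "certificates in $crt: $(count_certs "$crt")"
    return "$rc"
}

# Usage: script.sh /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key
if [ "$#" -eq 2 ]; then verify_install "$1" "$2"; fi
```

A non-zero exit status means at least one check failed and the files should be corrected before the restart.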

GigaVUE-FM uses a public key (cms.p12 file) to encrypt the Security Assertion Markup Language (SAML) messages. You can either use the default public key available in GigaVUE-FM or generate a new public key using the following command:

sudo openssl pkcs12 -export -name CMS -out /etc/gigamon/cms.p12 -inkey /etc/pki/tls/private/localhost.key -in /etc/pki/tls/certs/localhost.crt -passout pass:cms123

You will be prompted for a pass phrase for the localhost.key.

After the public key (cms.p12 file) is generated, place the file in the /etc/gigamon directory.