Install Third-Party Certificate
Use the following procedure to install a third-party certificate on GigaVUE-FM:
1. Generate a certificate and a private key file in PEM format. Use the following command on Linux or a Linux app (such as Cygwin) to generate the files:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.pem -out certificate.pem
2. Copy the contents of the certificate file. You will use the contents in Step .
Note: When you copy the contents, do not delete the EOL characters at the start of each line.
3. Log in to the GigaVUE-FM CLI.
4. Execute the following steps from the shell prompt as a root user (sudo):
• Replace SSLCertificateFile: /etc/pki/tls/certs/localhost.crt
Note: For a chain of certificates, bundle the server, intermediate, and root certificates into a single certificate file before replacing localhost.crt.
• Replace SSLCertificateKeyFile: /etc/pki/tls/private/localhost.key
• Provide access to certificate: chmod 644
• Provide access to key: chmod 600
Note: For a chain of certificates, add the SSLCertificateChainFile directive to /etc/httpd/conf.d/ssl.conf:
sudo vim /etc/httpd/conf.d/ssl.conf
Add the following line:
SSLCertificateChainFile /etc/pki/tls/certs/localhost.crt
• Restart Apache as root: systemctl restart httpd
The system will now start using the newly installed certificate.
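The following script is an added example, not part of the GigaVUE-FM documentation. Run against the replaced files before restarting httpd, it checks that the first certificate in the file matches the private key (which also catches a bundle assembled in the wrong order), that the certificate has not expired, and that the file modes match the steps above. The function names are hypothetical, and it assumes GNU stat and a private key without a pass phrase.

```bash
#!/usr/bin/env bash
# Added example (not vendor code). Function names are hypothetical.
# Usage: ./check_cert.sh /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key

# True only if the FIRST certificate in the file carries the same public key
# as the private key. openssl x509 reads only the first PEM block, so a bundle
# with the intermediate or root certificate placed first fails here.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Number of certificates in a PEM file (1 for a single self-signed certificate).
bundle_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Runs every check, reports each failure, returns non-zero if any check failed.
check_install() {
    local cert="$1" key="$2" rc=0
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: first certificate in $cert does not match $key"; rc=1
    fi
    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable"; rc=1
    fi
    # Modes from the procedure: 644 for the certificate, 600 for the key.
    if [ "$(stat -c %a "$cert" 2>/dev/null)" != 644 ]; then
        echo "FAIL: $cert mode is not 644"; rc=1
    fi
    if [ "$(stat -c %a "$key" 2>/dev/null)" != 600 ]; then
        echo "FAIL: $key mode is not 600"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $(bundle_count "$cert") certificate(s) in file, key matches"
    fi
    return "$rc"
}

# Run the checks when called with <certificate> <key>.
if [ "$#" -eq 2 ]; then
    check_install "$1" "$2"
fi
```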
GigaVUE-FM uses a public key (cms.p12 file) to encrypt the Security Assertion Markup Language (SAML) messages. You can either use the default public key available in GigaVUE-FM or generate a new public key using the following command:
sudo openssl pkcs12 -export -name CMS -out /etc/gigamon/cms.p12 -inkey /etc/pki/tls/private/localhost.key -in /etc/pki/tls/certs/localhost.crt -passout pass:cms123
You will be prompted for a pass phrase for the localhost.key.
After the public key (cms.p12 file) is generated, place the file in the /etc/gigamon directory.