RSA Product Set: RSA Security Analytics
RSA Product/Service Type: Warehouse
Platform: Centos
O/S Version: EL6
Using an external certificate to start web server on SAW Node.
Assuming a certificate has been issued by an external CA for the SAW node web server and the below files have been collected:
ca.pem : The PEM format CA Certificate Chain
mycert.pem : The PEM format HTTPS Server Certificate
mykey.pem : The PEM format Private Key for the HTTPS Server
SSH to the SAW Node and follow the below steps:
Step 1: Create the Certificate Chain
cat mycert.pem ca.pem > mycertchain.pem
Step 2: Create a PKCS12 Keystore using chain and private key
openssl pkcs12 -export -in mycertchain.pem -inkey mykey.pem -out saw.p12 -name saw -CAfile ca.pem -caname sawca
Step 3: Merge the Keystore so that the Certificate and Key is imported into SSL Keystore
keytool -importkeystore -srckeystore saw.p12 -destkeystore /opt/mapr/conf/ssl_keystore -srcstoretype PKCS12 -deststoretype JKS
Step 4: Restart Web Server
/opt/mapr/adminuiapp/webserver stop
/opt/mapr/adminuiapp/webserver start
Step 5: Check with Open SSL
openssl s_client -connect localhost:8443
