Windows: Installing an SSL certificate generated outside of the Guardium system

Use this procedure to install the SSL certificate that was created by the CA.

About this task

If the CA is sending you a whole certificate to install, you need two files, the private key in PKCS#8 (password protected) format, and the public key in PEM format. The certificate generated needs to be a 2048 bit RSA key.

The CA sends you two files, and the public cert for your CA.  

The public-cert of your CA looks like:

cat Victoria QA CA pem

The public-cert specific to you/this Guardium system looks like:

cat sample given cert

The private key (encrypted with pkx#8) looks like:

cat sample given cert 02

Have these files handy to either import (via scp/ftp/etc) to the Guardium system or to copy-paste into the cli interface on the Guardium system.

Procedure

  1. Log in to the Guardium system via CLI.
  2. Store the private key by entering: cli>  store certificate keystore [import | console] The import takes the saved file, and then copies and pastes the contents of the file into your console interface. It asks for the password that the file was saved with.  Either you provided this to the CA for creation of the certificate, or more likely, they provided you with a password when they sent your files. Here's what it looks like on the Guardium system:
    store system key console
  3. Import the signed certificate with: cli>   store certificate sniffer [import | console] It displays the information on the cert and then asks you to confirm storing the cert. It looks like:
    store system key console02
    certificate 03
  4. Restart the inspection-core for the new certificate to take effect.
Parent topic: Windows: Set up S-TAP authentication with SSL certificates