
Domain certificate update - server.pem

Overview

This article describes how to replace the server.pem certificate used by the haproxy service.

Step 1 - Generate a signed certificate

Generate a signed certificate and save it as a PKCS12 file, according to internal procedures.

Step 2 - Extract the server.pem from certificate

Copy the PKCS12 file to all webapp servers and run the following command to extract the certificate.

CODE
bash /etc/veridiumid/scripts/convert_haproxy_cert.sh PKCS_FILE

Step 3 - Update Truststore, using the VeridiumID Admin Dashboard

  1. Access VeridiumID Admin Console → Settings → Certificates → Truststores.

  2. Select Add Truststore and use the Certificate Content method to upload the certificate, using the same procedure used in the previous steps.

Step 4 - Copy server.pem to different services

CODE
## it is mandatory to change for haproxy
cp conversion_result/server.pem /etc/veridiumid/haproxy/server.pem; chown ver_haproxy:veridiumid /etc/veridiumid/haproxy/server.pem
service ver_haproxy restart

## optional: change for freeradius, only if you are using the TCP/SSL protocol; if UDP is used, this step can be skipped
cp conversion_result/server.pem /opt/veridiumid/freeradius/etc/raddb/certs/server.pem
cp conversion_result/server.pem /opt/veridiumid/freeradius/etc/raddb/certs/client.pem
chown ver_freeradius:veridiumid /opt/veridiumid/freeradius/etc/raddb/certs/server.pem
chown ver_freeradius:veridiumid /opt/veridiumid/freeradius/etc/raddb/certs/client.pem

service ver_freeradius restart

## optional: change for websecadmin, if port 9443 is used to access websecadmin from external services
cp /opt/veridiumid/websecadmin/certs/ca_root.pkcs12 /opt/veridiumid/websecadmin/certs/ca_root.pkcs12.old
## take the password; enter it as the export password when openssl prompts for it
grep server.ssl.key-store-password /opt/veridiumid/websecadmin/conf/websecadmin.properties
openssl pkcs12 -export -in /opt/veridiumid/haproxy/conf/server.pem -inkey /opt/veridiumid/haproxy/conf/server.pem -name 'tomcat' -out /opt/veridiumid/websecadmin/certs/keystore.p12
cp /opt/veridiumid/websecadmin/certs/keystore.p12 /opt/veridiumid/websecadmin/certs/ca_root.pkcs12

service ver_websecadmin restart
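
A pre-deployment check that can be run on conversion_result/server.pem before the copy in Step 4, so that a mismatched or soon-to-expire file never reaches a service restart. This is an added example, not part of the VeridiumID scripts: the function name check_server_pem and the 30-day default window are assumptions, and it assumes server.pem holds the certificate and an unencrypted private key in one file.

```bash
# Added example: check a combined PEM (certificate + unencrypted key) before deploying it.
# check_server_pem is a hypothetical helper; the 30-day default is an assumption.
# Returns 0 when the file is usable, 2-6 for the failures named below.
check_server_pem() {
    local pem="$1" min_days="${2:-30}" cert_pub key_pub
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Both blocks must be present in the same file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" \
        || { echo "no certificate in $pem" >&2; return 3; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" \
        || { echo "no private key in $pem" >&2; return 4; }

    # The public key in the first certificate must equal the one derived from
    # the private key. "-passin pass:" keeps openssl from prompting when the
    # key is encrypted; such a key fails this check.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate in $pem" >&2
        return 5
    fi

    # -checkend exits non-zero if the certificate expires within the window.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 6; }

    # Show what is about to be deployed.
    openssl x509 -in "$pem" -noout -subject -enddate
}
```

Call it as `check_server_pem conversion_result/server.pem` and continue with the copy only when it returns 0.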
