How-To change/install an SSL Certificate on Skyformation Server - Step by step guide
This guide shows how to replace the default HTTPS server certificate with one provided by the customer.
In all the steps, make sure you have root access.
- Locate the sk4_conf directory under /opt/exabeam/data/sk4/conf.
If you can't find it under the above directory, run the following command to locate it:
docker volume inspect sk4_conf
If the directory doesn't exist, please contact our support team at email@example.com.
- (IMPORTANT) Back up the sk4cacerts and sk4keystore.jks files.
- Copy your certificate to the sk4_conf volume located in step 1.
- Run this command to enter the tomcat container:
docker exec -ti $(docker container ls | grep sk4 | grep tomcat | cut -f1 -d" ") bash
- Navigate to the sk4conf directory inside the container:
- Based on your certificate file format, run the corresponding command:
If the certificate is already in PEM format, rename the file to SF_cert.pem.
For a .p7b file:
openssl pkcs7 -inform der -print_certs -in <your-certificate-file>.p7b -out SF_cert.pem
For a DER-encoded .crt file:
openssl x509 -inform der -in <your-certificate-file>.crt -out SF_cert.pem
- Merge your PEM certificate with the private key (app.key) into p12:
openssl pkcs12 -export -name skyformation -in SF_cert.pem -inkey app.key -out merged.p12
Note: the alias "skyformation" is important!
- Remove the existing skyformation certificate:
keytool -delete -alias skyformation -keystore sk4keystore.jks
- Import p12 into keystore:
keytool -importkeystore -srcstoretype pkcs12 -srckeystore merged.p12 -destkeystore sk4keystore.jks
If the certificate password is not 'changeit' and the keystore password was left unchanged, change the key password to match:
keytool -keypasswd -alias skyformation -keypass <old-password> -new changeit -keystore sk4keystore.jks -storepass changeit
The default keystore password is changeit, and it must be the same as the password of the skyformation alias.
(OPTIONAL) if you would like to set a password other than the default password, then follow these steps:
Run the following command to add your new password to the keystore:
keytool -storepasswd -new <new-password> -keystore sk4keystore.jks -storepass changeit
- Open /usr/local/tomcat/conf/server.xml and change the password from "changeit" to your new password:
- Exit the container:
- Restart the app for the change to take effect:
sudo systemctl restart sk4compose
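
Added example (not part of the vendor's procedure): a pre-flight check to run before the merge step, confirming that SF_cert.pem and app.key actually belong together and that the certificate is not close to expiry. The function name check_cert_key_pair, its return codes and the 30-day default are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check for the "merge into p12" step (added example, not vendor code).
# SF_cert.pem and app.key are the file names used in the guide; the function
# name, return codes and default threshold are hypothetical.
#
# check_cert_key_pair CERT KEY [MIN_DAYS]
#   0 = certificate matches the key and stays valid for MIN_DAYS more days
#   1 = certificate and private key do not belong together
#   2 = a file is missing or cannot be parsed
#   3 = certificate expires within MIN_DAYS days
check_cert_key_pair() {
    local cert="$1" key="$2" min_days="${3:-30}"
    local cert_pub key_pub

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -r "$key" ]  || { echo "cannot read private key: $key" >&2; return 2; }

    # Public key of the first certificate in the file (the server certificate).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "not a PEM certificate: $cert" >&2; return 2; }

    # Public key derived from the private key; the private key is never printed.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "not a usable private key: $key" >&2; return 2; }

    # A mismatch here would still import, but Tomcat would serve a broken pair.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 1
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        return 3
    fi

    echo "OK: $cert matches $key and is valid for at least $min_days more days"
    return 0
}
```

Run it inside the container as `check_cert_key_pair SF_cert.pem app.key` and continue with the openssl pkcs12 step only when it returns 0.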