Imperva: changing the insecure-connection certificate on port 8083

To prevent the browser's insecure-connection warning from appearing, a self-signed certificate can be created in MX and installed in the browser.

Steps are as follows:

1. SSH into MX as root
2. cd /tmp
3. Create the server key: openssl genrsa -out host.key 1024
   * You can also use: 2048 bit or 4096 bit
4. Then create a certificate signing request with it. This command will prompt for a series of things (country, state or province, etc.).

Note: Make sure that "Common Name (eg, YOUR name)" matches the registered fully qualified domain name of your box (or your IP address). It is also suggested not to set a challenge password at this point, since it'll just mean more typing for you.

openssl req -new -nodes -key host.key -out host.csr

* You can also use: openssl req -new -key host.key -out host.csr

Common Name: the IP address of the server, e.g. 11.11.200.181

5. Create a self-signed CA certificate (x509) structure with the RSA key of the CA:

openssl req -new -x509 -days 365 -key host.key -out host.crt

6. Copy all the three files host* (host.key, host.csr and host.crt) into /opt/SecureSphere/server/bin.
cp host* /opt/SecureSphere/server/bin/

7. Back up the key into the /root folder by doing the following:
cp /opt/SecureSphere/server/SecureSphere/jakarta-tomcat-secsph/conf/securesphere.kst /root/

8. cd /opt/SecureSphere/server/bin/

9. Convert the files into "der" format by doing the following:

Convert the certificate: openssl x509 -in host.crt -out cert.der -outform der
Convert the server key: openssl pkcs8 -topk8 -nocrypt -in host.key -out private.der -outform der

10. Install the certificate in MX by running the following:

Run:

chown mxserver:mxserver importSSLKeys.sh
chown mxserver:mxserver keyImporter.jar
chmod 755 importSSLKeys.sh

impctl server stop

./importSSLKeys.sh cert.der private.der

impctl server start

You can then view the certificate on the web page.
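
A consistency check for the files produced in steps 3 to 9, to run before the import in step 10. This is an added example, not part of the original procedure or of Imperva's tooling; the function name check_mx_cert and its return codes are assumptions. Check 4 rejects RSA keys under 2048 bits, so a key generated with the 1024 shown in step 3 fails it, while the 2048 or 4096 bit alternatives pass.

```shell
#!/bin/sh
# Added example: sanity checks on the step 3-9 files before importSSLKeys.sh.
# check_mx_cert DIR EXPECTED_CN -- function name and arguments are hypothetical.
# Returns 0 if every check passes, otherwise a code identifying the failed check.
check_mx_cert() {
    dir=$1 cn_want=$2

    # 1. host.crt must contain the public half of host.key.
    key_pub=$(openssl pkey -in "$dir/host.key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$dir/host.crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "host.key does not match host.crt" >&2; return 1; }

    # 2. Common Name must be the FQDN or IP address the browser connects to.
    cn=$(openssl x509 -in "$dir/host.crt" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$cn_want" ] || { echo "CN is '$cn', expected '$cn_want'" >&2; return 2; }

    # 3. The certificate must not already be expired.
    openssl x509 -in "$dir/host.crt" -noout -checkend 0 >/dev/null ||
        { echo "host.crt has expired" >&2; return 3; }

    # 4. Flag RSA keys under 2048 bits.
    bits=$(openssl x509 -in "$dir/host.crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "key is only ${bits:-?} bits" >&2; return 4; }

    # 5. The DER files from step 9 must encode the same certificate and key.
    fp_pem=$(openssl x509 -in "$dir/host.crt" -noout -fingerprint -sha256)
    fp_der=$(openssl x509 -inform der -in "$dir/cert.der" -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$fp_der" ] && [ "$fp_pem" = "$fp_der" ] ||
        { echo "cert.der differs from host.crt" >&2; return 5; }
    der_pub=$(openssl pkey -inform der -in "$dir/private.der" -pubout 2>/dev/null)
    [ "$key_pub" = "$der_pub" ] || { echo "private.der differs from host.key" >&2; return 6; }

    echo "ok: files in $dir are consistent for CN=$cn_want"
}
# Usage with the page's directory and sample address:
#   check_mx_cert /opt/SecureSphere/server/bin 11.11.200.181
```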