Installing a Self-Signed Digital Certificate
This procedure describes how to install a self-signed digital certificate. When connecting an ObserveIT Unix/Linux Agent using a self-signed digital certificate, you need to download and verify the certificate.
Prerequisite: See Locating the Certificates for information about verifying and locating a certificate and how to locate the /certs directory.
To install and verify a self-signed digital certificate
-
Open the certs folder.
- Initiate an SSL connection to the Application Server by running the command (in this example, the IP address is 10.2.8.19 and the port number is 443):
openssl s_client -connect 10.2.8.19:443 < /dev/null | openssl x509 -out obit.pem
The reply from the server shows the certificate with which the Application Server identifies. The certificate is saved in the file obit.pem.
- Extract the certificate's hash, and use it as a symbolic link to the certificate:
ln -s obit.pem `openssl x509 -in obit.pem -noout -hash`.0
The symbolic link must end with ".0"; otherwise OpenSSL will not be able to find the certificate.
- Verify the certificate installation by running the commands:
openssl verify obit.pem
openssl verify 3ee7e181.0
If the certificate was successfully installed, the following response appears:
obit.pem: OK
3ee7e181.0 OK