Installing a Self-Signed Digital Certificate

This procedure describes how to install a self-signed digital certificate. When connecting an ObserveIT Unix/Linux Agent using a self-signed digital certificate, you need to download and verify the certificate.

Prerequisite: See Locating the Certificates for information about verifying and locating a certificate and how to locate the /certs directory.

To install and verify a self-signed digital certificate

  1. Open the certs folder.

  2. Initiate an SSL connection to the Application Server by running the command (in this example, the IP address is 10.2.8.19 and the port number is 443):

    openssl s_client -connect 10.2.8.19:443 < /dev/null | openssl x509 -out obit.pem

    The reply from the server shows the certificate with which the Application Server identifies. The certificate is saved in the file obit.pem.

  3. Extract the certificate's hash, and use it as a symbolic link to the certificate:

    ln -s obit.pem `openssl x509 -in obit.pem -noout -hash`.0

    The symbolic link must end with ".0"; otherwise OpenSSL will not be able to find the certificate.

  4. Verify the certificate installation by running the commands:

    openssl verify obit.pem

    openssl verify 3ee7e181.0

    If the certificate was successfully installed, the following response appears:

    obit.pem: OK

    3ee7e181.0 OK