Installing a Self-Signed Digital Certificate

This procedure describes how to install a self-signed digital certificate. When connecting an ITM On-Prem (ObserveIT) Unix/Linux Agent using a self-signed digital certificate, you need to download and verify the certificate.

From version 7.14, as a result of the transition to the REST protocol, a self-signed certificate may not work on Linux.

Prerequisite: See Locating the Certificates for information about verifying and locating a certificate and how to locate the /certs directory.

To install and verify a self-signed digital certificate

  1. Open the certs folder.

  2. Initiate an SSL connection to the Application Server by running the command (in this example, the IP address is 10.2.8.19 and the port number is 443):

    openssl s_client -connect 10.2.8.19:443 < /dev/null | openssl x509 -out obit.pem

    The reply from the server shows the certificate with which the Application Server identifies itself. The certificate is saved in the file obit.pem.

  3. Extract the certificate's hash, and use it as the name of a symbolic link to the certificate:

    ln -s obit.pem `openssl x509 -in obit.pem -noout -hash`.0

    The symbolic link must end with ".0"; otherwise OpenSSL will not be able to find the certificate.

  4. Verify the certificate installation by running the commands:

    openssl verify obit.pem

    openssl verify 3ee7e181.0

    If the certificate was successfully installed, the following response appears:

    obit.pem: OK

    3ee7e181.0: OK
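
Steps 3 and 4 above as one script, added here as an example and not part of the product documentation. It runs on a constructed self-signed certificate instead of connecting to a server, verifies with `-CApath` pointed at the certificate's own directory, and compares a SHA-256 fingerprint before installing, because a certificate saved from `s_client` is only as trustworthy as the connection it came over. The function names, the subject `appserver.example` and the fingerprint check are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and the demo certificate are constructed.

# SHA-256 fingerprint of a PEM certificate, to compare with the value read
# from the Application Server's own certificate out of band.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Step 3: create <subject-hash>.0 next to the certificate and print its name.
# Fails on input that does not parse as an X.509 certificate.
install_hash_link() {
    cert=$1
    hash=$(openssl x509 -in "$cert" -noout -hash 2>/dev/null) || return 1
    [ -n "$hash" ] || return 1
    ln -sf "$(basename "$cert")" "$(dirname "$cert")/$hash.0" || return 1
    printf '%s\n' "$hash.0"
}

# Step 4: verify against the hash links in the certificate's own directory.
verify_in_dir() {
    openssl verify -CApath "$(dirname "$1")" "$1" >/dev/null 2>&1
}

# Install only when the saved certificate matches the expected fingerprint.
install_pinned() {
    if [ "$(cert_fingerprint "$1")" != "$2" ]; then
        echo "fingerprint mismatch, not installing $1" >&2
        return 2
    fi
    install_hash_link "$1" >/dev/null && verify_in_dir "$1"
}

# Constructed self-signed certificate standing in for the obit.pem saved in
# step 2 (no network connection is made). Prints the temporary directory.
make_demo_cert() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=appserver.example" \
        -keyout "$d/key.pem" -out "$d/obit.pem" >/dev/null 2>&1 || return 1
    printf '%s\n' "$d"
}

demo=$(make_demo_cert) && fp=$(cert_fingerprint "$demo/obit.pem") &&
    install_pinned "$demo/obit.pem" "$fp" && echo "obit.pem: OK"
[ -z "$demo" ] || rm -rf "$demo"
```

In real use, the second argument to `install_pinned` is the fingerprint read from the certificate on the Application Server itself, not one computed from the file that was just downloaded.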