Downloads

Versions Compared

Old Version 11

changes.mady.by.user stefan fried [panagenda]

Saved on

compared with

New Version Current

changes.mady.by.user stefan fried [panagenda]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

Creation of an own SSL Certificate or import of an existing SSL certificate is only required when it is NOT POSSIBLE to use the default panagenda GreenLight SSL certificate.


Import an existing  SSL

...

Certificate  (optional)

  • Copy PEM and KEY file to

...

...

/opt/panagenda/appdata/volumes

...

/nginx

...


IMPORTANT: Please use the same filename for your keys!

Image Modified


  • open PUTTY console and execute: docker restart gl_nginx
    Wait until NGINX container is restarted and access again the Webpage of GL.
    The new SSL is now active:
    Image Modified

...

Create a new SSL Certificate < v3.5 (optional)

The following describes the creation of a new SSL certificate for panagenda GreenLight using the "keytool" script. Follow these steps on the panagenda GreenLight appliance console: 

  1. delete the current certificate: sudo /opt/java/bin/keytool -delete -alias tomcat -keystore root/.keystore(the default keystore password is "changeit")
  2. create the new certificate: sudo /usr/lib/jvm/jdk/bin/keytool -genkey -alias tomcat -keyalg rsaa "wizard" will guide you through the creation of the new SSL certificate
  3. When asked for your "first and last name", provide the IP address or domain name for your panagenda GreenLight appliance 
    Image Removed
  4. When asked for a password for the key, provide the default password "changeit"

 
After the appliance restart, your newly created certificate will be used for SSL connection encryption – therefore no warnings will appear when a connection is established from a browser to the virtual appliance.
 

Import an existing SSL Certificate < v3.5 (optional)

If available, you could import your own SSL certificate by following these steps on the panagenda GreenLight appliance console: 

  1. Copy the certificate to /tmp
  2. Remove self issued cert from keystore sudo /usr/lib/jvm/jdk/bin/keytool -delete -alias tomcat -keystore /root/.keystore
  3. Import private key to /root/.keystore sudo /usr/lib/jvm/jdk/bin/keytool -importkeystore -srcalias 1 -srcstorepass <pfx-password> -srckeystore /tmp/yourprivkey.pfx -srcstoretype pkcs12 -destkeystore /root/.keystore -deststoretype JKS -destalias tomcat
  4. It is import that your private key uses the same password as the keystore, so change it to changeitsudo /usr/lib/jvm/jdk/bin/keytool -alias tomcat -keypasswd
Note
titleNote

You have to type the password three times, first for the keystore and two times to change the password.

...