
Creating and Importing a self signed certificate into StratusphereUX

pbislimi
edited May 13 in Stratusphere API

We have a KB article that describes how to create a signed certificate and import it into StratusphereUX. You can find it here:

https://www.liquidware.com/content/pdf/documents/support/Liquidware-How-Place-Signed-SSL-Certificate-Stratusphere-Appliances.pdf

In this community post, however, we describe how to generate a self-signed certificate using Microsoft PowerShell and import it into StratusphereUX. A self-signed certificate can be used in test environments where you don't want to import an official certificate. If you have an official certificate you can also use this guide, but you do not need to perform steps 1 and 2.

The steps are described in such a way that you don't need to change any of the parameters apart from the DNS names. The DNS names only need to be changed in the PowerShell script. The rest of the steps are generic.

Note: If you already have a certificate .key and .crt file (which are typically delivered when you buy a certificate online), you can skip the PowerShell and OpenSSL steps completely.

Step 1. In Powershell:

Using PowerShell we will generate the self-signed certificate that we are going to import into StratusphereUX.

Open an elevated PowerShell ISE and paste the code below into the script pane. Edit the DNS name values to your liking. Add as many DNS names as you like; just make sure to put each DNS name between quotes and separate them with commas.

Then run the PowerShell code to create the certificate.


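  # Create the certificate in the local machine store; list every DNS name or IP used to reach the Hub
  $Cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "192.168.178.143", "abc.liquidware.com", "ux.liquidware.com", "ux.liquidware.eu"
  # Export the public certificate (DER-encoded; Step 2 overwrites this file with a PEM version)
  Export-Certificate -Cert $Cert -FilePath $Env:USERPROFILE\Desktop\selfsignedcertificate.crt

  # Prompt for a password, then export the certificate with its private key as a PFX
  $Secure = Read-Host -Prompt "PFX password" -AsSecureString
  Export-PfxCertificate -Cert $Cert -Password $Secure -FilePath $Env:USERPROFILE\Desktop\selfsignedcertificate.pfx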

 

Step 2. In OpenSSL

Download: https://slproweb.com/download/Win64OpenSSL_Light-1_1_1g.msi

OpenSSL is used to convert the previously generated certificate to a non-encrypted file which can be read by StratusphereUX. This step generates 2 files: a .crt file and a .key file.

Install OpenSSL and open an elevated command prompt. Typically OpenSSL installs into "C:\Program Files\OpenSSL-Win64\bin\openssl.exe". cd to the installation directory.

Copy and paste the following lines into the command prompt one by one. Enter the same password as before wherever a password is asked.


  openssl pkcs12 -in "%USERPROFILE%\Desktop\selfsignedcertificate.pfx" -out "%USERPROFILE%\Desktop\crt.key"
  openssl pkcs12 -in "%USERPROFILE%\Desktop\selfsignedcertificate.pfx" -clcerts -nokeys -out "%USERPROFILE%\Desktop\selfsignedcertificate.crt" 
  openssl rsa -in "%USERPROFILE%\Desktop\crt.key" -out "%USERPROFILE%\Desktop\selfsignedcertificate.key"

 

Step 3. In FileZilla:

Download: https://filezilla-project.org/download.php

We will use FileZilla to copy the 2 files onto the Hub.

Install FileZilla and connect to the Stratusphere Hub. Log in using User ID: ‘friend’ and Password: ’sspassword’.

  Copy selfsignedcertificate.crt to /home/friend

  Copy selfsignedcertificate.key to /home/friend

 

Step 4. In Putty or the Stratusphere UX Console:

Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

As a final step we will run some Linux commands to put the certificate files in the correct place where the Hub can read them.

On the Stratusphere Hub appliance local console or via PuTTY, log in using User ID: ‘friend’ and Password: ’sspassword’. Then execute the following lines one by one. After the "su -" command use the same password.

su -

mv /home/friend/selfsignedcertificate.crt /etc/lwl/ssl/ssl.crt
mv /home/friend/selfsignedcertificate.key /etc/lwl/ssl/ssl.key
chown root:root /etc/lwl/ssl/ssl.crt
chmod 644 /etc/lwl/ssl/ssl.crt
chmod 640 /etc/lwl/ssl/ssl.key
cd /etc/lwl/ssl
restorecon -r /etc/lwl/ssl
 
/etc/init.d/httpd restart

On versions 6.1.3 and higher, use the following command: 
/etc/init.d/lwl-httpd24 restart 

Once these steps are complete you can access the hub via the web interface to check the certificate.

NOTE: Make sure you trust the certificate on the clients accessing the web interface.
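
A pre-flight check for the two files placed in Step 4, added here as an example; it is not part of the original post or of Liquidware's tooling. It looks only at the PEM header lines and the file modes. The function names are hypothetical, and the default paths and modes are the ones used in Step 4.

```shell
#!/bin/sh
# Added example: sanity-check the certificate and key before restarting httpd.
# Function names are hypothetical; default paths and modes come from Step 4.

# Print what kind of object a file holds, judged by its PEM header lines.
classify_pem() {
    f=$1
    [ -r "$f" ] || { echo missing; return; }
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo key-encrypted   # e.g. crt.key written by the first openssl command
    elif grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$f"; then
        echo key-plain       # e.g. the output of "openssl rsa"
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo cert
    else
        echo not-pem         # e.g. the DER file written by Export-Certificate
    fi
}

# True when the file has exactly the given octal mode (no GNU stat needed).
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Check the pair; print one line per problem, return non-zero if any was found.
preflight() {
    crt=${1:-/etc/lwl/ssl/ssl.crt} key=${2:-/etc/lwl/ssl/ssl.key} rc=0
    k=$(classify_pem "$crt")
    [ "$k" = cert ] || { echo "crt: expected PEM certificate, found $k"; rc=1; }
    k=$(classify_pem "$key")
    [ "$k" = key-plain ] || { echo "key: expected unencrypted PEM key, found $k"; rc=1; }
    has_mode "$crt" 644 || { echo "crt: mode is not 644"; rc=1; }
    has_mode "$key" 640 || { echo "key: mode is not 640"; rc=1; }
    return $rc
}
```

Run `preflight` as root on the Hub after the `chmod` commands and before the restart. It flags a still-encrypted `crt.key` or the DER file from Step 1 being copied in place of the converted files.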


If anything in this document is unclear feel free to comment below and we will make sure to update the article.
