Current and Future Clients/Partners are Welcome.
Creating and Importing a self signed certificate into StratusphereUX
We have a KB article which describes how to create a signed certificate and import that into StratusphereUX which you can find here.
In this community post however we're describing how you can generate a self-signed certificate using Microsoft PowerShell and import that into StratusphereUX. The Self-Signed certificate can be use for test environments where you don't want to import an official certificate. Note that if you have an official cerficate you can also use this guide but then you do not need to perform step 1 and 2.
The steps are describing in such a manner that you don't need to change any of the parameters apart from the DNS names. These DNS names only need to be changed in the Powershell Script. The rest of the steps are generic.
Note: If you already have a certificate .key and .crt file (which are typically delivered when you buy a certificate online) you can skip the Powershell and OpenSSL step completely)
Step 1. In Powershell:
Using Powershell we will generate the self signed certificate that we are going to import into StratusphereUX.
Open and elevated Powershell_ise and paste the information below into the script past. Edit the DNS name values to your liking. Add as many DNS names as you like, just make sure to put each DNS names between quotes and seperate them with a comma.
Then run the powershell code to create the certificate
$Cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname "192.168.178.143", "abc.liquidware.com", "ux.liquidware.com", "ux.liquidware.eu" Export-Certificate -Cert $Cert -FilePath $Env:USERPROFILE\Desktop\selfsignedcertificate.crt $Secure = Read-Host -AsSecureString Export-PfxCertificate -Cert $Cert -Password $Secure -FilePath $Env:USERPROFILE\Desktop\selfsignedcertificate.pfx
Step 2. In OpenSSL
OpenSSL is being used to convert the previously generated certificate to a non-encrypted file which can be read by StratusphereUX. This step will generate 2 files. A .crt file and a .key file.
Install OpenSSL and open an elevated commandprompt. Typically OpenSSL installs into "C:\Program Files\OpenSSL-Win64\bin\openssl.exe". cd to the installation directory.
Copy and past the following lines in to the command-prompt one by one. Enter the same password as before wherever a password is asked.
openssl pkcs12 -in "%USERPROFILE%\Desktop\selfsignedcertificate.pfx" -out "%USERPROFILE%\Desktop\crt.key" openssl pkcs12 -in "%USERPROFILE%\Desktop\selfsignedcertificate.pfx" -clcerts -nokeys -out "%USERPROFILE%\Desktop\selfsignedcertificate.crt" openssl rsa -in "%USERPROFILE%\Desktop\crt.key" -out "%USERPROFILE%\Desktop\selfsignedcertificate.key"
Step 3. In FileZilla:
We will use Filezilla to copy the 2 files onto the HUB.
Install Filezilla and connect to the Stratusphere HUB. Log in using User ID: ‘friend’ and Password: ’sspassword’
Copy selfsignedcertificate.crt to /home/friend
Copy selfsignedcertificate.key to /home/friend
Step 4. In Putty or the Stratusphere UX Console:
As a final step we will run some Linux commands to put the certificate files in the correct place where the Hub can read them.
On the Stratusphere Hub appliance local console or via Putty, log in using User ID: ‘friend’ and Password: ’sspassword’. Then execute the following lines one by one. After the "su -" command use the same password.
su – mv /home/friend/selfsignedcertificate.crt /etc/lwl/ssl/ssl.crt mv /home/friend/selfsignedcertificate.key /etc/lwl/ssl/ssl.key chown root:root /etc/lwl/ssl/ssl.crt chmod 644 /etc/lwl/ssl/ssl.crt chmod 640 /etc/lwl/ssl/ssl.key cd /etc/lwl/ssl restorecon –r /etc/lwl/ssl /etc/init.d/httpd restart On versions 6.1.3 and higher, use the following command: /etc/init.d/lwl-httpd24 restart
Once these steps are complete you can access the hub via the web interface to check the certificate.
NOTE: Make sure you trust the certificate on the clients accessing the web interface.
If anything in this document is unclear feel free to comment below and we will make sure to update the article.