Open with table of contents

Import SSL certificate

To prevent HTTPS warnings when accessing your IG Server user interface, you need to obtain and import an SSL certificate.

To complete this task you need to use an existing, valid certificate that your organization currently owns, or purchase a certificate from a trusted Certificate Authority. You need access to the IG Server UI and the IG Server Terminal Session to complete this task.

The certificate should comprise two files:

• {hostname}.cert: an ASCII-based certificate file prefixed with -----BEGIN CERTIFICATE
• {hostname}.pem: an ASCII-based key file prefixed with -----BEGIN RSA PRIVATE KEY

where {hostname} is the hostname of your IG Server.

How do I...

• Import an SSL certificate?

  If you have access to the system console of your IG Server, you can follow the steps as described below to complete this task. If you only have remote access, you should enable an SSH session first. Show me how

  To enable an SSH session:

  1. From the Home page, click System > Security > SSH Access.

     SSH configuration options are displayed.

  2. Click Edit.
  3. Select the Enable SSH access check box, and type the IP or hostname of the SSH client you want to use to connect to your IG Server.
  4. Click Save.

  5. From the SSH client, connect to your IG Server.

  Leaving SSH access enabled for extended periods might represent a security risk. You should consider disabling SSH when not using it.

  1. Open a Terminal Session on your IG Server.

     A terminal session window is displayed.

  2. Log in as root or a user that has root privileges.

  3. Copy the certificate and key file to the correct folder. From the command line, type the following:

     sudo cp {hostname}.ert /etc/ssl/certs/

     sudo cp {hostname}.pem /etc/ssl/certs/

     where {hostname} is the hostname of your IG Server.

     Do not use ‘igp’ as a hostname, as this will overwrite the default certificate.

  4. Use a text editor to open:

     /etc/opt/rh/rh-nginx112/nginx/conf.d/cs-igp-admin-proxy.conf

  5. Update the following attributes to the ssl settings:

     ssl_certificate /etc/ssl/certs/{hostname}.cert;
     ssl_certificate_key /etc/ssl/certs/{hostname}.pem;

     where {hostname} is the name of the certificate files you copied.

  6. Restart the administration UI application by typing the following command:

     sudo systemctl restart rh-nginx112-nginx.service

See also...

• Configure email alert template
• Configure Information Governance Server
• Import domain controller certificate

© 1995–2019 Clearswift Ltd.