EMC Avamar SSL Cert

EMC Avamar SSL Cert Generation

After completing a successful root to root Avamar migration I noticed that the old SSL certs were still being used. Through some digging I finally found a very simple and easy command to update it.

The gen-ssl-cert command installs a temporary Apache web server SSL cert and restarts the web server.

gen-ssl-cert [–debug] [–help] [–verbose]

Note: You must run the gen-ssl-cert as root, and the original files are backed up and saved as:
• /etc/httpd/conf/ssl.crt/server.crt.orig
• /etc/httpd/conf/ssl.key/server.key.orig

In order to view your current certificate you can use the following command:

root@avamarnew:/etc/apache2/ssl.crt/#: openssl x509 -noout -text -in server.crt

Here is the sample of what running the script looks like:

root@avamarnew:/srv/www/#: gen-ssl-cert
Generating RSA private key, 3072 bit long modulus
.........................................................................................++
...................................................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:Signature ok
subject=/C=US/ST=SomeState/L=SomeLocale/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=avamarhq.sccu.local/emailAddress=root
Getting Private key
gen-ssl-cert: INFO: installed these web server SSL temporary certificate files:
-rw------- 1 root root 1708 Mar 2 12:29 /etc/apache2/ssl.crt/server.crt
-rw------- 1 root root 2455 Mar 2 12:29 /etc/apache2/ssl.key/server.key

Checking for httpd2: running
Shutting down httpd2 (waiting for all children to terminate) done
Starting httpd2 (prefork)


Comments

Leave a Reply