To change the certificate on the DCO server, your SSL certificate be an Apache 2.x/PEM format certificate consisting of two files: *.key and *.crt.
It is best practice to disable access to the web clients before starting to update any certificates to ensure no client is connected with a false certificate.
In a cluster setup (not supported in DCO 8.3.x), certificates can only be uploaded to the master but are automatically synchronized to the slave.
If your setup includes a disaster recovery node and you need a certificate on it, upload certificates to the DR server in the same way as for a standalone server.
Preparing a certificate for upload
A password protected key is not supported. Strip the password from the key before uploading it.
Intermediate or certificate bundle
If your certificate chain requires an intermediate certificate, append it to the .cert file. When appending, ensure you include everything, including the lines: "
-----BEGIN CERTIFICATE-----" & "
-----END CERTIFICATE-----" as there may be several lines for this intermediate certificate.
No users in the system during upload
The Apache HTTPD server will be reloaded during this process, so ensure no users are using the system during the upload.
Uploading a certificate
- Open the Webmin web interface by selecting Administration>Webmin in the Data Center Operation web client.
Alternatively, type the address of your Data Center Operation server in a Web browser followed by :10000,
https://<DCO server IP>:10000.
- Log into Webmin using the user credentials created during the installation and in the left menu, select StruxureWare DC Operation.
- In the submenu, select Certificates.
- Follow the instructions on the page.
- Verify everything is working correctly by launching a web client and checking there's a green padlock icon in the address line.