Dear Mark, Thank you for sharing the info.
However, I have few doubts here, for example, I have created CSR on single appliance with wild cards , However, while Importing CA Signed certificate to other appliance, it saying that "
COL1> store certificate gui console
ERROR: Unable to locate a Certificate Signing Request (CSR).
Are you importing a GUI certificate that was generated externally? [y/N]"
==================================================================================================
However, upon selecting below option it is asking to Insert "PRIVATE KEY" - But, I am not sure about which Private key I should Insert here ...?
COL2> store certificate gui consolez
Are you importing a GUI certificate that was generated externally? [y/N]
y
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/IBM/Guardium/tomcat/.keystore -destkeystore /opt/IBM/Guardium/tomcat/.keystore -deststoretype pkcs12".
WARNING: Alias "tomcat" already exists. Are you sure that you want to replace it? [y/N]
y
Continuing with GUI certificate replacement...
Please paste your private key below in PEM encoded format. A private key in PEM
encoded format should include the '-----BEGIN PRIVATE KEY-----' and '-----END
PRIVATE KEY-----' tags, as follows:
-----BEGIN PRIVATE KEY-----
(Private Key)
-----END PRIVATE KEY-----
Once done pasting your private key, press ENTER followed by CTRL-D to continue.
Could you please help me with this dilemma. I really appreciate your support in this regard.
------------------------------
Akash Parmar
------------------------------
Original Message:
Sent: Sun April 28, 2024 08:53 AM
From: Mark Harris
Subject: How to Install GUI Certificate for multiple Appliances
Hi Akash,
Please review this link:
https://www.ibm.com/support/pages/node/7148983 Is it possible to use a single certificate for all appliances in my environment? |
So you need to create a different csr for each appliance otherwise the only other option is wildcard, but you need to match the requirements.
Many thanks
Original Message:
Sent: 4/28/2024 8:48:00 AM
From: Akash Parmar
Subject: How to Install GUI Certificate for multiple Appliances
Hello Experts, Hope all is well at your side.
I need an guidance on "Guardium GUI Certificate". actually, we have around 10 Appliances on which we required GUI Certificate to be signed by CA. However, I have created CSR request only on 1 appliance & added other appliances hostnames under "SAN". Now, my question is, will I be able to insert single CA signed certificate to other appliances as well ? since, they do not have CSR request generated under them ...? Is there any way around OR Do I need to generate CSR request for each appliance & get it signed by CA and then insert it to individual appliance.
Can anyone please assist me in this scenario. With Many Thanks!
------------------------------
Akash Parmar
+91-9601716334 - IND
+973-39066960 - BAH
------------------------------