(SP/Propel) Support Tip: how to apply and verify custom SSL certificates in SMSP and Propel

1. how to replace with custom SSL certificaties in SMSP

 - please refer to official document.
 https://docs.software.hpe.com/SM/9.52/Hybrid/Content/install/smsp_install/replace_smsp_oob_ssl_certificate.htm

 

2. how to verify custom SSL certificates files

 1) SSL certificates files in SMSP

   /opt/hp/propel/security

      CA.crt      // Certified Authority certification file, PEM format

      .keystore   // Java Keystore file where Propel/SMSP host's certification is imported

      propel_host.chain.crt // merged PEM format certification for CA.crt, propel_host.crt and other certified hosts

      propel_host.crt      // Propel/SMSP host's certification file, PEM format

      propel_host.key.rsa // Propel/SMSP host's RSA private key

      propel_host.pfx    // Propel/SMSP host's KCS#12 format

      propel.truststore   // Java Keystore file where all trusted host certifications are imported

 1.png

 

2) verification  ( same to any set of certification files, OOB and custom both )

  • CA.crt

% openssl x509 -issuer -subject -dates -noout -in CA.crt

 2.png

 

  • .keystore

% keytool -list -v -keystore .keystore

3.png

propel2014 as default password

 

  • propel_host.chain.crt

% openssl x509 -issuer -subject -dates -noout -in propel_host.chain.crt

 4.png

 

  • propel_host.crt

% openssl x509 -issuer -subject -dates -noout -in propel_host.crt

 5.png

 

  • propel_host.key.rsa

We can see details of private key by below command, however, it is more important to verify matching between private key and public key

%openssl rsa -noout -text -in propel_host.key.rsa

 verify matching between private key(propel_host.key.rsa) and public key(propel_host.crt)

% openssl x509 -pubkey -in propel_host.crt -noout | openssl md5

% openssl pkey -pubout -in propel_host.key.rsa | openssl md5

 6.png

 

  • propel_host.pfx

% openssl pkcs12 -info -in propel_host.pfx

7.png8.png

propel2014 as default password

 

  • propel.truststore

% keytool -list -v -keystore propel.truststore

9.png10.png

propel2014 as default password

 

Tags: