Creating new certificate for web console

[RobertGraham]

Using the CHKP supplied vmware zip, I fired up an R60 version of SPLAT. The preconfigured IP etc weren't satisfactory, so I changed them. Now the certificate doesn't match and I want to change this.

I found a binary called new_p12_cert in the directory /opt/spwm/bin. However, I don't know where to generate a new p12 file. Is there a tool in SPLAT to do this? Or is there perhaps an SK explaining this that I couldn't find.

On IPSO this is easy, I just don't know how to do this for SPAT.

[swelck]

Anyone know how to do this?

[aenima]

Hi all,

I have the same problem here. Help ???

[abusharif]

Quote:

Originally Posted by RobertGraham

.....
I found a binary called new_p12_cert in the directory /opt/spwm/bin. However, I don't know where to generate a new p12 file. .........

/opt/spwm/servcert

[aenima]

OK thanks for that.

But now how can i generate a new certificate based on the new ip address since when i connect to the new https address i m asked to accept a certificate based on the old ip address ?

[seadog]

I'm not sure if it's the correct method or not, but here's what seems to have worked for me:

- /etc/rc.d/init.d/CPwebis checks to see if /opt/spwm/servcert/servcert.p12 exists

- if it doesn't exist then it runs the following command to generate one:
/opt/spwm/bin/new_p12_cert /opt/spwm/servcert/servcert.p12 CN="$MYIPADDR"
... where $MYIPADDR is the IP of eth0.

- I suppose I could have run the above command by hand, but what I chose to do was rename "servcert.p12" to "servcert.p12.old" and then reboot. Once it had come back up it had regenerated "servcert.p12" and I could login to the WebUI without problem (excepting the warning about the certificate not being signed by a trusted CA).

I *think* this is what we're all trying to do.

[aenima]

Yes you are right, that's what i am trying to do.
And your method is simple and perfect !

Thanks a lot !!!