Replacing the MNMP certificate with a self-signed certificate

The procedure for a self-signed certificate is the same as for a CA-signed certificate except that you do not have to add the CA chain of certificates to the Trusted Certificates section. All you need to add is the self-signed certificate.

Part 1 – Trusted Certificate

For each Alluvio appliance that is to communicate with the NetProfiler or NetExpress appliance,

  1. Copy the self-signed certificate, including the BEGIN and END statements. The certificate will be in a format such as:

-----BEGIN CERTIFICATE-----

MIIBsTCCARqgAwIBAgIJAOqvgxZRcO+ZMA0GCSqGSIb3DQEBBAUAMA8xDTALBgNVBAMTBE1henUwHhcNMDYxMDAyMTY

...

ehyejGdw6VhXpf4lP9Q8JfVERjCoroVkiXenVQe/zer7Qf2hiDB/5s02/+8uiEeqMJpzsSdEYZUSgpyAcws5PDyr2GVFMI3dfPnl28

-----END CERTIFICATE-----

  1. Go to the Administration > Appliance Security > Encryption Key Management page Trusted Certificates tab.

  2. Click Add New Certificate to open a window into which you can paste the CA-signed certificate.

  3. Paste the certificate into the Key/Cert field.

  4. Optionally, enter a comment to be displayed in the Trusted Certificates list. Leave it blank if you want to use the certificate’s subject. This can be changed later using the Change Entry action.

  5. Click OK and confirm that the certificate is listed on the Trusted Certificates tab.

Part 2 – Local Certificate and private key

After the self-signed certificate has been added to each appliance in your Alluvio deployment as a trusted certificate, the final step is to add the certificate and the private key as the Local Credentials for your NetProfiler.

  1. Go to the Administration > Appliance Security > Encryption Key Management page Local Credentials tab.

  2. In the row for the MNMP SSL Certificate, choose Change Key/Cert from the Actions menu.

  3. Paste both the MNMP certificate and the private key into the Key/Cert field.

  4. Click OK and confirm that the MNMP certificate is listed on the Local Credentials tab.

Note:  Ensure that you include both the private key and the certificate with their BEGIN and END statements. If you paste in just the certificate, you will get a certification error.

They will be in the format:

-----BEGIN PRIVATE KEY-----

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7CkgI/yEMu0td

...

6Q1V08AwLd4fVrOGvmOeZKk=

-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

MIIDVzCCAj+gAwIBAgIJAPy15+KVLMaXMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNV

...

xnRRtSStpDwBRwrPBX9wiih7X13I2n2Qs/c0Gh9OVhKqsmcoZmnHjCQrdQ==

-----END CERTIFICATE-----

If you subsequently view the Local Credentials, you will not see the private key. It is never visible except when you initially paste it into the Change window.

SSL certificate requirements

Replacing SSL Certificates

Encryption key management