First create a configuration file inside /tmp directory. You can named it "iglscert.cnf" in Eyeglass Appliance. Below is an example:[ req ]default_bits = 2048prompt = noencrypt_key = nodefault_md = sha256distinguished_name = dnreq_extensions = v3_req[ dn ]CN = iglscert.superna.localemailAddressfirstname.lastname@example.orgO = SUPERNAOU = Support TeamL = OttawaST = OntarioC = CA[ v3_req ]subjectAltName = @alt_names[ alt_names ]DNS = superna.localDNS = *.superna.local
Now, create a CSR (Certificate Signing Request) file and a server key file in /tmp directory using the following command in Eyeglass Appliance:openssl req -new -config /tmp/iglscert.cnf -keyout /tmp/iglscert.key -out /tmp/iglscert.csr
Use the following command to verify the certificate information:openssl req -text -noout -verify -in /tmp/iglscert.csr
Take the verified CSR file to your Windows Server CA or other CA and get it signed [ Signed certificate must be in Base-64-encoded X.509 format]. Once you have the file signed, copy it back to Eyeglass Appliance using any secure FTP client such as WinSCP and install using the steps below.
locate the private key and certificate, the file should have a private X509 key and certificate signed by a trusted certificate authority. as it must be X509 Certificate.
Example: eyeglass.key and eyeglass.crt for certificate.
Login to eyeglass as root (or sudo to root), then upload the certificate files to eyeglass you may use winscp
Browse the Eyeglass certificate directorycd /opt/superna/sca/.secure
Move the existing .pem filemv ssl.pem ssl.pem.orig
Concatenate the new key file informationcat ssl.pem.orig ssl > ssl.pem
The following procedure can be used to generate a new self signed certificate and apply it on the Eyeglass appliance.
Note: There will be an Eyeglass service interruption when performing this procedure.