Avast WEBforum

Business Products => Avast Business => Topic started by: Ragimiri on May 25, 2018, 07:36:48 PM

Title: How to change SSL certificate in On-Premise Console
Post by: Ragimiri on May 25, 2018, 07:36:48 PM
Hello, how can I change SSL certificate in On-Premise Console?

I tried to replace server.jks with mine, but it always failed with these errors:

Field error in object 'server.security' on field 'privateKey': rejected value [C:\Program Files\AVAST Software\Management Console\console/certificates/clicrt_rsa-key.prv.der]; codes [methodInvocation.server.security.privateKey,methodInvocation.privateKey,methodInvocation.com.google.protobuf.ByteString,methodInvocation]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [server.security.privateKey,privateKey]; arguments []; default message [privateKey]]; default message [Property 'privateKey' threw exception; nested exception is com.avast.crypto.KeyUtilityException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error]

Field error in object 'server.security' on field 'publicKey': rejected value [C:\Program Files\AVAST Software\Management Console\console/certificates/clicrt_rsa-key.pub.der]; codes [methodInvocation.server.security.publicKey,methodInvocation.publicKey,methodInvocation.com.google.protobuf.ByteString,methodInvocation]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [server.security.publicKey,publicKey]; arguments []; default message [publicKey]]; default message [Property 'publicKey' threw exception; nested exception is com.avast.crypto.KeyUtilityException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securitySettings': Could not bind properties to [unknown] (target=server.security, ignoreInvalidFields=false, ignoreUnknownFields=true, ignoreNestedProperties=false); nested exception is org.springframework.validation.BindException: org.springframework.validation.BeanPropertyBindingResult: 2 errors

I also tried to replace those DER files, but without success.
Title: Re: How to change SSL certificate in On-Premise Console
Post by: systemsadminAS on June 06, 2018, 05:30:20 PM
Same here, I need to update my certificate also (because we're using the Let's Encrypt 90-day versions), and there seems to be no way to do this in the console (and I'd rather not have to uninstall and reinstall every time).  I can see where the .pfx 'lives' but you'd have to have a way to enter the password for these, not just replacing the file...
Title: Re: How to change SSL certificate in On-Premise Console
Post by: systemsadminAS on June 06, 2018, 09:28:22 PM
Support did get back to me on this one. When you generate the new certificate, just make sure its filename and pcks password match what's in the config file (typically C:\Program Files\AVAST Software\Management Console\console\config\application-user-config.yml). if not, edit it, and replace the cert (typically found C:\Program Files\AVAST Software\Management Console\console\certificates) and restart the console / postgresql services and it seems to pick up fine.