Author Topic: How to change SSL certificate in On-Premise Console  (Read 2298 times)

0 Members and 1 Guest are viewing this topic.

Offline Ragimiri

  • Newbie
  • *
  • Posts: 4
How to change SSL certificate in On-Premise Console
« on: May 25, 2018, 07:36:48 PM »
Hello, how can I change SSL certificate in On-Premise Console?

I tried to replace server.jks with mine, but it always failed with these errors:

Field error in object 'server.security' on field 'privateKey': rejected value [C:\Program Files\AVAST Software\Management Console\console/certificates/clicrt_rsa-key.prv.der]; codes [methodInvocation.server.security.privateKey,methodInvocation.privateKey,methodInvocation.com.google.protobuf.ByteString,methodInvocation]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [server.security.privateKey,privateKey]; arguments []; default message [privateKey]]; default message [Property 'privateKey' threw exception; nested exception is com.avast.crypto.KeyUtilityException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error]

Field error in object 'server.security' on field 'publicKey': rejected value [C:\Program Files\AVAST Software\Management Console\console/certificates/clicrt_rsa-key.pub.der]; codes [methodInvocation.server.security.publicKey,methodInvocation.publicKey,methodInvocation.com.google.protobuf.ByteString,methodInvocation]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [server.security.publicKey,publicKey]; arguments []; default message [publicKey]]; default message [Property 'publicKey' threw exception; nested exception is com.avast.crypto.KeyUtilityException: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID (tag = -96)]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securitySettings': Could not bind properties to [unknown] (target=server.security, ignoreInvalidFields=false, ignoreUnknownFields=true, ignoreNestedProperties=false); nested exception is org.springframework.validation.BindException: org.springframework.validation.BeanPropertyBindingResult: 2 errors

I also tried to replace those DER files, but without success.

Offline systemsadminAS

  • Jr. Member
  • **
  • Posts: 21
Re: How to change SSL certificate in On-Premise Console
« Reply #1 on: June 06, 2018, 05:30:20 PM »
Same here, I need to update my certificate also (because we're using the Let's Encrypt 90-day versions), and there seems to be no way to do this in the console (and I'd rather not have to uninstall and reinstall every time).  I can see where the .pfx 'lives' but you'd have to have a way to enter the password for these, not just replacing the file...

Offline systemsadminAS

  • Jr. Member
  • **
  • Posts: 21
Re: How to change SSL certificate in On-Premise Console
« Reply #2 on: June 06, 2018, 09:28:22 PM »
Support did get back to me on this one. When you generate the new certificate, just make sure its filename and pcks password match what's in the config file (typically C:\Program Files\AVAST Software\Management Console\console\config\application-user-config.yml). if not, edit it, and replace the cert (typically found C:\Program Files\AVAST Software\Management Console\console\certificates) and restart the console / postgresql services and it seems to pick up fine.