07-13-2017 09:38 AM
I'm trying to enabled SSL for BNA access (https://mybnaserver.somehost.com). I have a cert generated by our internal CA...how do I enable it for use by the server?
I've loaded it into the keystore, but that's wrong or there's more to it. Can't find anything that clearly calls out these steps in the documentation. May be there and I overlooked it...
07-18-2017 09:17 AM
Do I need to open a support ticket? This would seem to be a fairly straight forward configuration item but I can't figure it out. Some config file I have to modify somewhere?
08-25-2017 04:35 AM
sorry for the late reply. So, you have a cert which is enabled by you internal CA for your server. Then there is a two steps process:
Some more details:
0. Converting a crt into a pfx format file - can be done via openssl which is included with BNA (see details) if you have key
c:\Program Files\Network Advisor 14.x.y\bin>openssl pkcs12 -export -out BNA.pfx -inkey BNA.key -in BNA.crt
where BNA.pfx is the exported file; BNA.crt is the certificate; CA.crt is your CA.crt; and BNA.key is your private key
or if you a have BNA.pem file (see details)
c:\Program Files\Network Advisor 14.x.y\bin>openssl pkcs12 -export -out BNA.pfx -inkey BNA.pem -in BNA.crt
1. If you are using a private CA, you need to import into the truststore before importing the new certificate. Otherwise if the CA in the list, you can skip this step. Or if using a combined self signed certificate. Notice that CA certificate also need be in pfx format!
2. Next you need import the BNA certificate into the keystore of BNA, via "Server > Options" and under in the "Software Configuration" select Certificates. Then for Keystore Certificate dropdown meny select replace:
Then you will have replacement menu - browse for the pfx file and select it, notice the password for the certificate
Then hit OK, and then you will see the following
You might want to check out the certificate by going to drop down menue and do View
Some back ground information
"Certificate management also allows you to manage the Management application server truststore as well as the Management application client truststore. On the Management application server, the truststore is maintained as two separate files: truststore and keystore. A truststore contains certificates from other third-parties with which the Management application server communicates. The truststore file is used when making decisions on what to trust"