Finally, I could repair the configuration. In my desperation, I opened a bash in the saede-app container and deleted the sae.customer.keystore in the /opt/dell/secureconnectgateway/config directory. After a restart of the app the web gui started with a new self-signed certificate. I could log in and upload the new ca signed certificate again. The web gui is now running with the new certificate.
you can first ensure that the certificate and key are correctly installed and recognized. This involves verifying that the certificate chain is complete and correctly installed on the server, which includes the SSL certificate, intermediate certificates, and root certificate. Make sure all certificates in the chain are valid and installed correctly. If the web GUI on port 5700 is not accepting the new certificate after a restart, it could be due to an incomplete certificate chain or the server still holding onto the old certificate in its cache. Restarting the server might help in recognizing the new certificate chain. For port 9443, which is still using the old certificate, you will need to replace the old certificate with the new one. This can be done by importing the new certificate and setting it as the default, then deleting the old certificate from the server -- restarting server might be needed
The new certificate has been accepted by the web gui. But after restart of the SCG my web browser always receives an ERR_SSL_PROTOCOL_ERROR. So I cannot connect to the web gui any more. My idea is to open a bash in the saede-app container and delete the new certificate, or re-install it manually. But I don't know how to do that.
dirkuos
1 Rookie
•
32 Posts
0
May 15th, 2024 07:09
Dirk
(edited)
shuff12
1 Rookie
•
7 Posts
0
May 13th, 2024 16:08
you can first ensure that the certificate and key are correctly installed and recognized. This involves verifying that the certificate chain is complete and correctly installed on the server, which includes the SSL certificate, intermediate certificates, and root certificate. Make sure all certificates in the chain are valid and installed correctly. If the web GUI on port 5700 is not accepting the new certificate after a restart, it could be due to an incomplete certificate chain or the server still holding onto the old certificate in its cache. Restarting the server might help in recognizing the new certificate chain. For port 9443, which is still using the old certificate, you will need to replace the old certificate with the new one. This can be done by importing the new certificate and setting it as the default, then deleting the old certificate from the server -- restarting server might be needed
dirkuos
1 Rookie
•
32 Posts
0
May 14th, 2024 05:29
Hi, thanks for the reply.
The new certificate has been accepted by the web gui. But after restart of the SCG my web browser always receives an ERR_SSL_PROTOCOL_ERROR. So I cannot connect to the web gui any more. My idea is to open a bash in the saede-app container and delete the new certificate, or re-install it manually. But I don't know how to do that.