Avamar 19.2+: Install signed web server certificates for Avinstaller, Client Manager, Tomcat, MCS Developer Kit (MCSDK), Java RMI, and Apache for AUI
Summary: How to install signed web server certificates for Avinstaller, Client Manager, Tomcat, MCS Developer Kit (MCSDK), Java RMI, and Apache for Avamar User Interface (AUI) on Avamar 19.2 and later using the AUI upload feature. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Install certificates signed by a certificate authority by using the AUI
If the existing certificates for the web services are not suitable for your security purposes, you can replace these certificates by manually adding the files in the Avamar Management Web User Interface (AUI).
The web servers on Avamar expose the following ports with ssl certificates:
Note, replacing web server certs does not impact gsan/backups/replication.
Prerequisites
- Prepare your own certificates and private keys, and store these files on a local system for upload to the AUI. Importing the same certificate with a different alias name is not permitted.
- Only RSA keys and related certificates are supported.
- The keys must be in PKCS1 format.
- The certificates must be in X509 format.
- All CA certificates must be merged into a single file.
- Ensure that no backup and recovery operations are in progress.
Help with the prerequisites
The following KB details any easy way to generate a PKCS1 private key with a Certificate Signing Request (CSR)
000204384 | Avamar: Generate a Certificate Signing Request (CSR) with Subject Alternative Name (SAN) to send to the Certificate Authority (CA)
The following KB assists you with verifying that the certificate files are ready to be uploaded in the AUI by ensuring the private key is PKCS1 format, the key and the server cert match, and the chain builds a chain of trust for the server cert.
000185151 | Avamar: How to verify the CA signed certificate is ready for upload to AUI
Steps to install in AUI
1. In the AUI, go to Administration > System.
2. In the System window, select the Certificate tab, and then select the Private Key tab.
A private certificate entry for the Web Server appears in the table.
3. Click the radio button next to the Web Server entry (in case that you want to check current private entry details, you can click VIEW).
4. Click +REPLACE.
The Replace Private Entry wizard displays.
5. In the Private Key field, click Browse to locate and select your certificate's private key.
6. In the Certificate field, click Browse to locate and select your certificate file.
7. In the Certificate Chain field, click Browse to locate and select your certificate chain file.
NOTE: If the same trusted certificates in the chain file have been imported in the certificates tab, remove them from the certificates tab first.
8. (Optional) If the private key is protected, provide the passphrase.
9. Click NEXT.
Certificate validation is initiated. The key, certificate, and certificate chain must be an exact match, otherwise the validation fails.
10. When validation completes successfully, click FINISH.
11. Click RESTART SERVICES to restart the web server services, and then click YES to verify you want to restart these services.
If the existing certificates for the web services are not suitable for your security purposes, you can replace these certificates by manually adding the files in the Avamar Management Web User Interface (AUI).
The web servers on Avamar expose the following ports with ssl certificates:
Port Service 7778 Java Remote Method Invocation (RMI) 7779 Java Remote Method Invocation (RMI) 7780 Java Remote Method Invocation (RMI) 7781 Java Remote Method Invocation (RMI) 443 Apache Webserver 9443 MCSDK (MCS Developer Kit SOAP API) 8543 Tomcat/DTLT/EMT 7543 Avinstaller/Jetty
Note, replacing web server certs does not impact gsan/backups/replication.
Prerequisites
- Prepare your own certificates and private keys, and store these files on a local system for upload to the AUI. Importing the same certificate with a different alias name is not permitted.
- Only RSA keys and related certificates are supported.
- The keys must be in PKCS1 format.
- The certificates must be in X509 format.
- All CA certificates must be merged into a single file.
- Ensure that no backup and recovery operations are in progress.
Help with the prerequisites
The following KB details any easy way to generate a PKCS1 private key with a Certificate Signing Request (CSR)
000204384 | Avamar: Generate a Certificate Signing Request (CSR) with Subject Alternative Name (SAN) to send to the Certificate Authority (CA)
The following KB assists you with verifying that the certificate files are ready to be uploaded in the AUI by ensuring the private key is PKCS1 format, the key and the server cert match, and the chain builds a chain of trust for the server cert.
000185151 | Avamar: How to verify the CA signed certificate is ready for upload to AUI
Steps to install in AUI
1. In the AUI, go to Administration > System.
2. In the System window, select the Certificate tab, and then select the Private Key tab.
A private certificate entry for the Web Server appears in the table.
3. Click the radio button next to the Web Server entry (in case that you want to check current private entry details, you can click VIEW).
4. Click +REPLACE.
The Replace Private Entry wizard displays.
5. In the Private Key field, click Browse to locate and select your certificate's private key.
6. In the Certificate field, click Browse to locate and select your certificate file.
7. In the Certificate Chain field, click Browse to locate and select your certificate chain file.
NOTE: If the same trusted certificates in the chain file have been imported in the certificates tab, remove them from the certificates tab first.
8. (Optional) If the private key is protected, provide the passphrase.
9. Click NEXT.
Certificate validation is initiated. The key, certificate, and certificate chain must be an exact match, otherwise the validation fails.
10. When validation completes successfully, click FINISH.
11. Click RESTART SERVICES to restart the web server services, and then click YES to verify you want to restart these services.
Affected Products
AvamarArticle Properties
Article Number: 000198691
Article Type: How To
Last Modified: 30 May 2024
Version: 9
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.