Automatic certificate updates with existing SSL Certificate
Follow these steps to configure HCL SafeLinx with an ACME provider when an SSL certificate already exists.
About this task
Procedure
- Create HTTP Service on SafeLinx Server
  - Navigate to the SafeLinx server administration interface.
  - Create or edit an HTTP service with the following configuration (some of the options below might not be available in the service create wizard; use the service edit wizard to make these changes):
    - Service URL: Provide the HTTPS URL on which the HTTP service will be hosted.
    - TCP port to listen on: 443 or any available port to allow requests for the HTTP service.
    - Enable the Enable Automatic Certificate Update option.
    - Provide Certificate Store Server:port details (valid): <cert_store_server_name>:<port_number>
    - Application server URL: NOAUTH http://<domino-server-url>/.well-known/ and add the required Domino server URL.
    - Add 80 to Redirect HTTP ports.
      Note: ACME HTTP-01 challenge should be listed and served on port 80.
    - Select any Authentication Profile and other configurations as required.
- Submit Certificate Request from Certificate Store
  - Access CertManager on the Domino server.
  - Select Add TLS Credentials in the Certificate Store.
  - Choose Create Exportable Key and set a strong password.
  - Specify the SafeLinx server name in the Host names field and the Domino server with access in the Server with access field.
  - Select ACME as the Certificate provider and select the corresponding ACME account.
  - Update the other fields and Certificate Attributes.
  - Submit the request.
  - Use Export TLS credentials to export the generated certificate as a P12 file with the provided password.
    Note: This file will be used as the keyring file in the SafeLinx configuration.
- Update SafeLinx Configuration
  - Modify the existing SafeLinx configuration:
    - Provide the path of the generated P12 file in PKCS12 keystore file.
    - Update the Keystore password with the password used during P12 file generation.
    - Configure the time interval for certificate updates in the Time interval to check for certificate updates (hrs) field.
    - Keep the port 80 entry in Redirect HTTP ports on the General tab.
  - Save the changes and restart the SafeLinx server for the changes to take effect.
  - Access the SafeLinx Service URL to verify the certificate details.
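
An added example, not part of the original HCL procedure or of SafeLinx tooling: a Python check for the final verification step, confirming that the certificate served at the Service URL covers the SafeLinx host name and does not expire within one certificate-update check interval. The host name safelinx.example.com, the sample certificate, the problem codes and the expiry heuristic are assumptions made for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def fetch_peer_cert(host, port=443, timeout=10):
    """Return the leaf certificate the service presents, as a getpeercert() dict.
    The default context validates the chain and host name, so an untrusted or
    mismatched certificate raises ssl.SSLCertVerificationError here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _san_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_cert(cert, host, check_interval_hrs, now=None):
    """Return a list of problem codes; an empty list means the checks passed."""
    now = now or datetime.now(timezone.utc)
    problems = []
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_san_matches(s, host.lower()) for s in sans):
        problems.append("san-mismatch")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    hours_left = (expires - now).total_seconds() / 3600
    if hours_left <= 0:
        problems.append("expired")
    elif hours_left <= check_interval_hrs:
        # Assumption: a renewed certificate should arrive before the last check window.
        problems.append("expires-before-next-check")
    return problems

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "safelinx.example.com"),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:   # live check: <host> [interval_hrs]
        hours = int(sys.argv[2]) if len(sys.argv) > 2 else 24
        print(check_cert(fetch_peer_cert(sys.argv[1]), sys.argv[1], hours) or "ok")
    else:                   # offline demo on the constructed sample, fixed clock
        fixed = datetime(2025, 3, 1, tzinfo=timezone.utc)
        print(check_cert(SAMPLE_CERT, "safelinx.example.com", 24, fixed) or "ok")
```

Run it with the SafeLinx host name and the configured check interval in hours after the restart; an empty result means the served certificate passed both checks.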