Setup SSL Certificate
LiveNA and LiveNX communicate over a gRPC channel secured with SSL. Out of the box, LiveNA generates a self-signed certificate, but a CA-signed certificate can also be used and is recommended. The following section outlines how to install a CA-signed certificate.
A. LiveNA SSL Certification Setup
1. Certificate verification – For the import of the CA-signed certificate to work as expected, the CN specified in the certificate should match the host name of the LiveNA server. LiveNX should also be able to reach LiveNA using that host name.
2. Access the LiveNA shell – Use ssh to access LiveNA’s shell.
3. Copy CA-signed certificate to LiveNA – To copy the certificate and key files to LiveNA, it is recommended to use a tool such as scp to perform a secure network copy.
To copy the certificate and its key, perform the following:
$ scp [certificate] admin@[LiveNA IP]:/home/admin
$ scp [key] admin@[LiveNA IP]:/home/admin

where [certificate] is the path of the certificate file on the local machine, [key] is the path of the key file on the local machine, and [LiveNA IP] is the IP address of the LiveNA machine.
4. Convert the certificate into a Java keystore format – LiveNA supports certificates only in keystore format. Therefore, the first step is to convert the user’s certificate file and key file into a keystore file:
On the LiveNA shell, perform the following:
$ openssl pkcs12 -export -in [certificate] -inkey [key] -name server -out livena-PKCS-12.p12

where [certificate] is the file name of the certificate file, and [key] is the file name of the key file.
When prompted for the export password, use:
3i3FGY7c1WMWqTz2RSKg
This command will generate a file called livena-PKCS-12.p12. Next, import livena-PKCS-12.p12 into a keystore format file:
On the LiveNA shell, perform the following:
$ keytool -importkeystore -deststorepass 3i3FGY7c1WMWqTz2RSKg -destkeystore public-grpc-server-ca-signed.keystore -srckeystore livena-PKCS-12.p12 -srcstoretype PKCS12
When prompted for the source keystore password, use:
3i3FGY7c1WMWqTz2RSKg
This command will generate a file called public-grpc-server-ca-signed.keystore. This is the keystore file that LiveNA reads for the SSL connection.
5. Replace the self-signed certificate with the CA-signed certificate – With the new file public-grpc-server-ca-signed.keystore, we can replace the self-signed keystore file with the CA-signed keystore file.
First make a backup of the self-signed keystore file, if it exists:
$ mv /data/livena/data/public-grpc-server.keystore ~/public-grpc-server-self-signed.keystore
Next, copy the new CA-signed keystore into the data directory of LiveNA:
$ cp public-grpc-server-ca-signed.keystore /data/livena/data/public-grpc-server.keystore
6. Restart LiveNA Server – Restart the LiveNA server to load the new keystore:
$ sudo service livena restart
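The check in step A.1 can be scripted and run on the certificate and key before the conversion in step A.4, together with a key/certificate match and an expiry check. This is an added example, not part of the LiveNA documentation; the function names and the sample host name livena.example.test are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on [certificate] and [key] before step A.4.

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate is still valid 24 hours from now.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null
}

# preflight <certificate> <key> <LiveNA host name>
# Reports every failed check; returns non-zero if any check failed.
preflight() {
    rc=0
    # Host names are case-insensitive, so compare in lower case.
    cn=$(cert_cn "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    if [ -z "$cn" ] || [ "$cn" != "$want" ]; then
        echo "FAIL: CN '$cn' does not match host name '$want'" >&2; rc=1
    fi
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key does not belong to certificate" >&2; rc=1; }
    cert_is_current "$1" ||
        { echo "FAIL: certificate expired or expiring within 24h" >&2; rc=1; }
    return $rc
}

# Constructed sample input: a throwaway self-signed certificate and key,
# for trying the checks without a real CA-signed pair.
make_sample() {   # make_sample <dir> <cn>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null
}
```

On the LiveNA shell, source the file and run `preflight [certificate] [key] [host name]`, using the host name LiveNX uses to reach LiveNA.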
B. LiveNX SSL Certification Setup
1. Remove the self-signed truststore file – With LiveNA now using a CA-signed truststore file, LiveNX will need to drop the old self-signed truststore file if it exists. From the LiveNX shell, do the following:
$ mv /data/livenx-server/data/live-insight-edge.truststore ~/live-insight-edge-self-signed.truststore
This command moves the live-insight-edge.truststore truststore file to the home directory as a backup.
2. Restart LiveNX Server – Restart the LiveNX server to load in the new truststore configuration:
$ sudo service livenx-server restart