Remote Expert 11.0 - Certificates

Creating CSRs

  • Log in to REM with tacaccount
  • Browse to
    cd /var/rem/etc/pki
  • Run the command below to create the CSR file <servername>.csr. The -nodes option writes the private key <servername>-KeyFile.key unencrypted.
sudo openssl req -nodes -newkey rsa:2048 -keyout <servername>-KeyFile.key -out <servername>.csr
  • Export the CSR file created using WinSCP or an alternative method.
  • Request that the CSR is signed and make sure the signed certificate also includes a SAN (Subject Alternative Name) of the <FQDN-of-REM-ContentSwitch>, so that the cert which will be imported includes the server FQDN AND the Content Switch FQDN.

e.g. CN=remoteexpert-serverA.mydomain.com
SAN=remote-expert.mydomain.com

where “remote-expert.mydomain.com” is the FQDN of the Content Switch VIP address for Remote Expert.

Importing Signed Certs

Note: before importing the certs, decide and document passwords for the various keystores, especially the password for the file keystore.jks, whose location and password are configured in the Tomcat config file detailed below.

  • Using WinSCP copy the signed .cer files to /home/<tac-account>/
  • Log in to REM as tacaccount
  • Browse to
    cd /var/rem/etc/pki
  • Run the below command which will create the keystore file “keystore.pkcs12”
sudo openssl pkcs12 -export -out keystore.pkcs12 -in /home/<tacaccount>/<servername>.cer -inkey /var/rem/etc/pki/<servername>-KeyFile.key
  • This creates the file keystore.pkcs12. Run the command below to convert it to a JKS keystore
sudo keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
  • This creates the file keystore.jks, which is referenced by Tomcat
  • Edit the Tomcat server.xml config file
sudo vi /opt/cisco/server/tomcat/conf/server.xml
  • Update the lines below, which reference the keystore file
 <Connector
                port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
                maxThreads="2000"
                acceptorThreadCount="2"
                URIEncoding="UTF-8"
                connectionTimeout="20000"
                scheme="https" secure="true" SSLEnabled="true"
                keystoreFile="/var/rem/etc/pki/<keystore-filename>.jks"
                keystorePass="<enter-your-password-here>"
                clientAuth="false" sslProtocol="TLS"
                sslEnabledProtocols="TLSv1.2"
                />
  • Re-run the configuration script (nothing needs changing in the config file)
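
A pre-import check worth running before the pkcs12 export step above, as an added example (not part of the original page or any vendor tooling): it confirms the signed cert matches the key generated with the CSR and carries both the server FQDN and the Content Switch FQDN as SANs. The function names and the throwaway self-signed sample are assumptions made for illustration; the cert is assumed to be PEM-encoded.

```shell
#!/bin/sh
# Added example: pre-import checks for a signed certificate (hypothetical helpers).

# True when the certificate's public key is the one in the private key file.
# Compares the PEM public keys directly so a read failure can never "match".
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate lists exactly this DNS name as a SAN entry
# (whole-entry match, so a longer name sharing the prefix does not pass).
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxqi "DNS:$2"
}

# Constructed sample: a throwaway self-signed cert carrying the page's two
# example names, so the checks can be tried without a CA-signed file.
make_demo_cert() {
    cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = remoteexpert-serverA.mydomain.com
[ext]
subjectAltName = DNS:remoteexpert-serverA.mydomain.com, DNS:remote-expert.mydomain.com
EOF
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -config "$1/san.cnf" \
        -keyout "$1/demo.key" -out "$1/demo.cer" 2>/dev/null
}

# usage: check_cert <cert> <key> <server-fqdn> <content-switch-fqdn>
# A non-zero return means the cert should not be imported.
check_cert() {
    cert_matches_key "$1" "$2" || { echo "cert does not match key" >&2; return 1; }
    for name in "$3" "$4"; do
        cert_has_san "$1" "$name" || { echo "missing SAN: $name" >&2; return 1; }
    done
    echo "OK: key matches and both SANs present"
}
```

Because the key file was created with sudo, run check_cert from a shell that can read it.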