Bug 1164 - ArrayKK/APV/WebUI Certificate Attributes
Review Request #476 — Created Sept. 25, 2024 and updated — Latest diff uploaded
| Information | |
|---|---|
| kevin.poh | |
| APV10 | |
| rel_apv_10_7 | |
| 1164 | |
| Reviewers | |
| timlai, weikai | |
Issue:
The APV WebUI certificate appears to have changed after a certain version.
According to Bug 1164, version 10.4.2.104 still includes complete details about the Array in the certificate.
However, in the latest version (10.7), the certificate contains less information.

Solution:
By using OpenSSL commands on Linux, we generate a certificate with the desired parameters, based on the information from version 10.4.2.104.

The details of the steps are written below:
1. Create a new folder on the Linux environment
2. Type the command "openssl genrsa -out private.key 2048" (which will generate "private.key" file)
3. Type the command "openssl req -new -key private.key -out server.csr" (which will generate "server.csr" file)
4. Copy "openssl.cnf" from "rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d/apps/" to your current working directory
5. Under the "[ v3_req ]" section, copy the parameters below:

       # Set basicConstraints to indicate this certificate is a CA
       basicConstraints = CA:TRUE
       # keyUsage extension to include Key Encipherment (a0)
       keyUsage = critical, digitalSignature, keyEncipherment
       # Subject Key Identifier and Authority Key Identifier
       subjectKeyIdentifier = hash
       authorityKeyIdentifier = keyid,issuer
       # Enhanced Key Usage extension
       extendedKeyUsage = serverAuth, clientAuth

6. Type the command "openssl x509 -req -days 3650 -in server.csr -signkey private.key -out server.crt -extfile openssl.cnf -extensions v3_req"
(This will generate "server.crt" file)
7. Type the command "cat server.crt private.key > server.pem" (This will generate "server.pem" file)
8. Rename "private.key" to "server.key"
9. Copy "server.crt", "server.key", "server.pem" from this directory to the APV tree, which is "rel_apv_10_7\usr\click\webui\conf\"
After compiling with the updated "server.crt", "server.key", and "server.pem" files,
upgrade the WebUI using the compiled .array files.

To verify the certificate, you can check it using a browser like Chrome:
- Look for the "Lock" icon or "Not Secure" icon next to the URL.
- Click on it and select Certificate details.
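
The steps above as one non-interactive script, followed by a command-line check of the step 5 extensions and of the key/certificate pairing before the files are copied into the tree. This is an added example, not code from the review request; the `CN` value, the minimal config file (the request edits a copy of the tree's full `openssl.cnf`), the `umask 077` line and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: steps 1-8 without prompts, plus a check of the result.
# The [ req ]/[ dn ] sections and the CN value are constructed for this example.

build_webui_cert() {    # $1 = empty working directory (step 1)
    ( cd "$1" || exit 1
      umask 077         # assumption: keep the key and .pem bundle owner-only
      cat > openssl.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = apv-webui.example
[ v3_req ]
basicConstraints = CA:TRUE
keyUsage = critical, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
extendedKeyUsage = serverAuth, clientAuth
EOF
      openssl genrsa -out private.key 2048 &&
      openssl req -new -key private.key -out server.csr -config openssl.cnf &&
      openssl x509 -req -days 3650 -in server.csr -signkey private.key \
          -out server.crt -extfile openssl.cnf -extensions v3_req &&
      cat server.crt private.key > server.pem &&
      mv private.key server.key )
}

check_webui_cert() {    # $1 = server.crt, $2 = server.key; 0 only if all checks pass
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    for want in "CA:TRUE" \
                "X509v3 Key Usage: critical" \
                "Digital Signature, Key Encipherment" \
                "TLS Web Server Authentication, TLS Web Client Authentication" \
                "X509v3 Subject Key Identifier"; do
        printf '%s\n' "$text" | grep -qF -- "$want" ||
            { echo "missing in certificate: $want" >&2; return 1; }
    done
    # The certificate must carry the public half of the key shipped beside it.
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && build_webui_cert "$d" &&
        check_webui_cert "$d/server.crt" "$d/server.key" &&
        echo "extensions present and key matches: $d"
fi
```

The Authority Key Identifier is not asserted because newer OpenSSL releases omit it for self-signed certificates unless the config says `keyid:always`.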
