Received below steps from support
Step-by-step guide
Procedure if you are using public key for generating CA Signed cert.
- Make sure that the GW is already registered.
- Generate a new public/private key pair ( Make sure that the key you're using is 2048 in size) and get the public key signed by the CA. https://docs.imperva.com/howto/e9edf135
- Stop the GW (if running). Make sure that the gateway is still registered.
- Take a backup of the file key.pem and replace the private-key file located in '/opt/SecureSphere/etc' (by default it's called- 'key.pem') with the new private key file.
Note: The name of the new key file should be changed to default name i.e, key.pem
- Take a backup of gw_self_signed_cert.crt and replace the existing self-sign certificate located at- /opt/SecureSphere/etc/gw_self_signed_cert.crt, with the one signed by the 3rd party CA.
Note: The name of new CA signed cert should be changed to default name: gw_self_signed_cert.crt
- On 'bootstrap.xml' edit the 'ssl/private-key-passphrase': <private-key-passphrase disable="false" use-manual-passphrase="false" manual-passphrase=""/>
'disable'- set to 'true' in case your private key file is not encrypted. Leave it as-is if it's not encrypted.
'use-manual-passphrase'- set to true if 'disable' is false. set to false if 'disable' is true.
'manual-passphrase'- the passphrase (just if you decided to use one…).
- Start the GW
We can quickly verify if it is there by accessing Gateway GUI and check the cert.
------------------------------
Urvin Shah
Senior Cybersecurity Consultant
M.Tech Solutions (India) PRIVATE LIMITED
Mumbai
------------------------------
Original Message:
Sent: 12-12-2022 12:44
From: Urvin Shah
Subject: Install CA signed certificate on Gateway
Kindly share process to install CA signed certificate on Gateway
#DatabaseActivityMonitoring
------------------------------
Urvin Shah
Senior Cybersecurity Consultant
M.Tech Solutions (India) PRIVATE LIMITED
Mumbai
------------------------------