Using Third Party SSL cert/CA cert in NFA for DE

Hi,

A - The first step is to generate a Keystore file -

1 - Open CMD as Admin (right-click on CMD -> Run As Administrator) and navigate to the NetFlowCentral\jre\bin directory

2 - Type -> keytool -keyalg RSA -keystore server.keystore -genkey -alias ServerKey

Once done, enter the following information when prompted -

Enter keystore password: netflow

What is your first and last name? [starscream] //hostname of the server being worked upon
What is the name of your organizational unit? [Enterprise] //Enter org unit/LOB name
What is the name of your organization? [ZOHO] // from here, all the following fields are user defined
What is the name of your City or Locality? [Chennai]
What is the name of your State or Province? [TamilNadu]
What is the two-letter country code for this unit? [IN]
Is CN=starscream, OU=Enterprise, O=ZOHO, L=Chennai, ST=TamilNadu, C=IN correct?
[no]: yes
Enter key password for
    (RETURN if same as keystore password):netflow
Re-enter new password:netflow

3 - This operation creates a KeyStore file named server.keystore in the current working directory, which is the %NetFlowCentral%\jre\bin\ directory.

B - Now, a CSR file has to be generated -

1 - From the same CMD window, type  -

keytool -keystore server.keystore -certreq -alias ServerKey -keyalg RSA -file self.csr  

Enter keystore password:netflow

2 - The file %NetFlowCentral%\jre\bin\self.csr will now be created.

C - Next is to import CA certificate to the Keystore -

We will be provided certificates depending on the CA, and they are usually the root certificate, chained certificate and CA certificate. These certificates need to be imported into the already generated keystore (in our case, server.keystore). The files need to be imported to the keystore in the exact sequence as provided by the CA, the steps for which are below. The import should be done from the %NetFlowCentral%\jre\bin\ directory.

Let's consider the file name to be CARoot.cer. Copy it to the %NetFlowCentral%\jre\bin directory and execute the following command from the command prompt:

keytool -import -trustcacerts -keystore server.keystore -file CARoot.cer -alias Root

Once the command is executed, you will be prompted for the password.

Enter keystore password:netflow
........
........
Trust this certificate? [no]:YES

D - Now to import chain certificates -

keytool -import -trustcacerts -keystore server.keystore -file chain.cer -alias Chain

Once the command is executed, you will be prompted for the password.

Enter keystore password:netflow

If you receive more than one chained certificate from the CA, repeat the same procedure, replacing 'Chain' with 'Chain1', 'Chain2', etc.

E - Now, import the CA certificate -

 
keytool -import -keystore server.keystore -file CAcert.cer -alias ServerKey

[The same name and alias used when generating the keystore are to be used here]

F - Generate Trust certificate from the Server.Keystore -

keytool -export -alias ServerKey -file server.cer -keystore server.keystore

Once the command is executed, we will be prompted for the password.

Enter keystore password:netflow


For Distributed Edition:

G - Import Trust Certificate to Client.Keystore -

keytool -import -alias CentralKey -file server.cer -keystore client.keystore -noprompt

Once the command is executed, we will be prompted for the password.

Enter keystore password:netflow
Re-enter new password:netflow

Here, client.keystore is the user-defined name for the keystore and CentralKey is the alias name. The name of the keystore is user defined, and this exact name needs to be specified as detailed below.
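
A check worth running on server.keystore after step E, as an added example (not part of the original article or the product): it reads the text printed by `keytool -list -v -keystore server.keystore` and confirms that the ServerKey entry still holds the private key and now carries the CA-issued chain rather than the self-signed certificate from step A. The sample listings, the "Example Root CA" name and the function names are constructed for illustration.

```python
# Constructed `keytool -list -v` excerpts (illustrative values, trimmed to the fields read below).
AFTER_STEP_A = """\
Alias name: serverkey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=starscream, OU=Enterprise, O=ZOHO, L=Chennai, ST=TamilNadu, C=IN
Issuer: CN=starscream, OU=Enterprise, O=ZOHO, L=Chennai, ST=TamilNadu, C=IN
"""
AFTER_STEP_E = """\
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: serverkey
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=starscream, OU=Enterprise, O=ZOHO, L=Chennai, ST=TamilNadu, C=IN
Issuer: CN=Example Root CA
"""

def parse_entries(listing):
    """Map each alias (lower-cased; keystore aliases are case-insensitive) to type, chain length, leaf DNs."""
    entries, cur = {}, None
    for line in listing.splitlines():
        key, _, val = (part.strip() for part in line.partition(":"))
        if key == "Alias name":
            cur = entries.setdefault(val.lower(), {"chain_len": 0})
        elif cur is not None and key == "Entry type":
            cur["type"] = val
        elif cur is not None and key == "Certificate chain length":
            cur["chain_len"] = int(val)
        elif cur is not None and key in ("Owner", "Issuer"):
            cur.setdefault(key.lower(), val)  # first Owner/Issuer seen is the leaf certificate
    return entries

def check_server_entry(listing, alias="ServerKey"):
    """Return a list of problems; an empty list means the CA-issued chain is in place."""
    e = parse_entries(listing).get(alias.lower())
    if e is None:
        return [f"alias {alias} not found"]
    checks = [
        (e.get("type") == "PrivateKeyEntry", "no private key under this alias"),
        (not e.get("owner") or e["owner"] != e.get("issuer"), "leaf certificate is still self-signed"),
        (e["chain_len"] >= 2, "CA chain not attached (chain length < 2)"),
    ]
    return [msg for ok, msg in checks if not ok]
```

If the list is not empty, the certificate exported in step F is still the self-signed one, so clients that import server.cer in step G would end up trusting the wrong certificate.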
