Before the SSL certificate installed on the StoneGate management center expires, the following alert is received, warning that it is about to expire:
StoneGate alert "System alert" was raised at 2017-04-10 00:00:00.
Situation: Management Server: Certificate check for Log Server
Severity: High
Message: Management Server: Certificate check for Log Server
Log Server's certificate expires in less than 90 days. Run the sgCertifyLogSrv script on the Log Server to create a new certificate.
Sender: Management Server
This is an alert message sent by StoneGate Management Center.
If the certificate was purchased from a certificate authority (Verisign, Comodo, etc.), the corresponding renewal process must be started. In these cases, most commonly the certificate is self-signed, that is, generated by the SMC itself. The steps to renew it are as follows:
Stop the StoneGate service:
# su - sgadmin
-bash-4.1$ cd /usr/local/stonesoft/management_center/bin
-bash-4.1$ ./sgStopMgtSrv.sh
Stopping Stonesoft Management Server: ....
Run the script that renews the SSL certificate:
-bash-4.1$ ./sgCertifyMgtSrv.sh
-nodisplay not used and graphic mode not available
Graphical mode requested but not available. use option -nodisplay to start in console mode.
-bash-4.1$ ./sgCertifyMgtSrv.sh -nodisplaystone
Running in console mode
Starting Primary Management Server certification
Management Server Certification.
Management Server has been successfully re-certified.
Start the SMC once the work is finished:
-bash-4.1$ ./sgStartMgtSrv.sh &
The same steps must be carried out to renew the Log Server certificate in the SMC:
-bash-4.1$ ./sgStopLogSrv.sh
Stopping Stonesoft Log Server:
-bash-4.1$ ./sgCertifyLogSrv.sh -nodisplay
Running in console mode
This component needs to contact the management server to get its certificate.
login: admin
password:
domain(optional):
Trying to connect Management Server at following addresses: 192.138.3.10
Connected Management Server: 192.138.3.10
1: Create a new Log Server
2: Certify again Log Server named: "LogServer 192.138.3.10" (192.138.3.10) (recommended)
3: Cancel
2
Creating certificate request. Please wait.....
The certificate of this Log Server has been regenerated.
-bash-4.1$ ./sgStartLogSrv.sh &
[2] 18738
-bash-4.1$ Stonesoft Management Center 6.0.0 [10116]
Copyright 2000-2016 Forcepoint LLC. All rights reserved.
http://www.forcepoint.com
Starting Log Server...
Log Server started.
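
A small triage helper for the alert shown at the top of this page, added here as an example (it is not part of the original post or of the vendor's tooling): it parses the alert text, derives the latest date by which the certificate must be renewed, and lists the stop, certify and start scripts from the steps above. The function names are hypothetical, and it assumes that an alert for the Management Server uses the same wording as the Log Server alert.

```python
import re
from datetime import datetime, timedelta

# Component name as it appears in the alert -> (stop, certify, start) scripts,
# all taken from the renewal steps on this page.
RUNBOOK = {
    "Management Server": ("sgStopMgtSrv.sh", "sgCertifyMgtSrv.sh", "sgStartMgtSrv.sh"),
    "Log Server": ("sgStopLogSrv.sh", "sgCertifyLogSrv.sh", "sgStartLogSrv.sh"),
}

# Works whether the mail arrives as one line or with line breaks (re.S).
# Assumption: a Management Server alert mirrors the Log Server wording.
ALERT_RE = re.compile(
    r"raised at (?P<raised>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\."
    r".*?Certificate check for (?P<component>Management Server|Log Server)"
    r".*?Severity: (?P<severity>\w+)"
    r".*?expires in less than (?P<days>\d+) days",
    re.S,
)

# The alert text quoted on this page, used as sample input.
SAMPLE_ALERT = (
    'StoneGate alert "System alert" was raised at 2017-04-10 00:00:00. '
    "Situation: Management Server: Certificate check for Log Server "
    "Severity: High Message: Management Server: Certificate check for Log Server "
    "Log Server's certificate expires in less than 90 days. "
    "Run the sgCertifyLogSrv script on the Log Server to create a new certificate. "
    "Sender: Management Server"
)

def parse_alert(text):
    """Return component, severity and renewal deadline, or None if not a cert alert."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    raised = datetime.strptime(m["raised"], "%Y-%m-%d %H:%M:%S")
    return {
        "component": m["component"],
        "severity": m["severity"],
        # "less than N days" means the certificate expires before this date.
        "renew_before": (raised + timedelta(days=int(m["days"]))).date(),
    }

def renewal_steps(component):
    """Commands to run as sgadmin from the management_center/bin directory."""
    stop, certify, start = RUNBOOK[component]
    return [f"./{stop}", f"./{certify} -nodisplay", f"./{start} &"]

if __name__ == "__main__":
    info = parse_alert(SAMPLE_ALERT)
    print(info["component"], "must be re-certified before", info["renew_before"])
    print("\n".join(renewal_steps(info["component"])))
```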