# rm-rf.es

Renewing the SSL certificates of StoneGate Management Center (SMC)

Before the SSL certificate installed on the StoneGate Management Center expires, the following alert is received, warning that it is about to expire:

```
StoneGate alert "System alert" was raised at 2017-04-10 00:00:00.
Situation: Management Server: Certificate check for Log Server
Severity: High
Message: Management Server: Certificate check for Log Server
Log Server's certificate expires in less than 90 days. Run the sgCertifyLogSrv script on the Log Server to create a new certificate.
Sender: Management Server

This is an alert message sent by StoneGate Management Center.
```

If the certificate was purchased from a certificate authority (Verisign, Comodo, etc.), you will need to start the corresponding renewal process with that provider. Most commonly, though, it is a self-signed certificate, that is, one generated by the SMC itself. The steps to renew it are as follows:

Stop the StoneGate service:

```
# su - sgadmin
-bash-4.1$ cd /usr/local/stonesoft/management_center/bin
-bash-4.1$ ./sgStopMgtSrv.sh
Stopping Stonesoft Management Server: 
....
```

Run the script that renews the SSL certificate. Without a graphical environment it must be started with the `-nodisplay` option:

```
-bash-4.1$ ./sgCertifyMgtSrv.sh
-nodisplay not used and graphic mode not available
Graphical mode requested but not available. use option -nodisplay to start in console mode.
-bash-4.1$ ./sgCertifyMgtSrv.sh -nodisplay
Running in console mode
Starting Primary Management Server certification
Management Server Certification.

Management Server has been successfully re-certified.
```

Start the SMC once the work is finished:

```
-bash-4.1$ ./sgStartMgtSrv.sh &
```

The same steps must be carried out to renew the Log Server certificate in the SMC:

```
-bash-4.1$ ./sgStopLogSrv.sh
Stopping Stonesoft Log Server: 

-bash-4.1$ ./sgCertifyLogSrv.sh -nodisplay
Running in console mode
This component needs to contact the management server to get its certificate.
login: admin
password: 

domain(optional):
Trying to connect Management Server at following addresses:
192.138.3.10

Connected Management Server: 192.138.3.10
1: Create a new Log Server
2: Certify again Log Server named: "LogServer 192.138.3.10" (192.138.3.10) (recommended)
3: Cancel
2
Creating certificate request. Please wait.....
The certificate of this Log Server has been regenerated.
-bash-4.1$ ./sgStartLogSrv.sh &
[2] 18738
-bash-4.1$ Stonesoft Management Center 6.0.0 [10116]
Copyright 2000-2016 Forcepoint LLC. All rights reserved.
http://www.forcepoint.com

Starting Log Server...
Log Server started.
```
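To tie the alert at the top of the page to the steps above, the following added example (not part of the original post and not Forcepoint code) parses an SMC certificate alert, works out the latest date by which the renewal must happen, and lists the commands for the affected component. The function names are hypothetical, and it assumes a Management Server alert uses the same wording as the Log Server alert shown here.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the alert text shown at the top of this page.
SAMPLE_ALERT = """StoneGate alert "System alert" was raised at 2017-04-10 00:00:00.
Situation: Management Server: Certificate check for Log Server
Severity: High
Message: Management Server: Certificate check for Log Server
Log Server's certificate expires in less than 90 days. Run the sgCertifyLogSrv script on the Log Server to create a new certificate.
Sender: Management Server
"""

# Stop / certify / start scripts per component, as used in the steps above.
SCRIPTS = {
    "Management Server": ("sgStopMgtSrv.sh", "sgCertifyMgtSrv.sh", "sgStartMgtSrv.sh"),
    "Log Server": ("sgStopLogSrv.sh", "sgCertifyLogSrv.sh", "sgStartLogSrv.sh"),
}
RAISED = re.compile(r"was raised at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
EXPIRY = re.compile(r"^(.+?)'s certificate expires in less than (\d+) days", re.M)
SEVERITY = re.compile(r"^Severity:\s*(\S+)", re.M)


def parse_cert_alert(text):
    """Return a dict describing a certificate-expiry alert, or None if the
    text is not one (other SMC alerts must not trigger a renewal)."""
    raised, expiry = RAISED.search(text), EXPIRY.search(text)
    if not raised or not expiry:
        return None
    component, days = expiry.group(1).strip(), int(expiry.group(2))
    if component not in SCRIPTS:
        return None  # unknown component: leave it for a human
    raised_at = datetime.strptime(raised.group(1), "%Y-%m-%d %H:%M:%S")
    severity = SEVERITY.search(text)
    return {
        "component": component,
        "severity": severity.group(1) if severity else None,
        # "less than N days" means the certificate expires before this time.
        "renew_before": raised_at + timedelta(days=days),
    }


def renewal_commands(component):
    """Ordered commands for one component, run as sgadmin from the bin directory."""
    stop, certify, start = SCRIPTS[component]
    return [f"./{stop}", f"./{certify} -nodisplay", f"./{start} &"]


if __name__ == "__main__":
    alert = parse_cert_alert(SAMPLE_ALERT)
    print(alert["component"], "renew before", alert["renew_before"])
    print("\n".join(renewal_commands(alert["component"])))
```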