Replacing the Self-Signed Certificate

Overview

The self-signed certificate generated during initial configuration provides a quick means for initial administrator setup. Once setup is complete and any DNS names have been appropriately assigned, we recommend replacing the self-signed certificate with a certificate signed by a trusted authority. Using a certificate issued by a trusted Certificate Authority (CA) reduces the end-user confusion that arises when accessing a web site with an otherwise untrusted certificate.

Any SSL/TLS certificate issued from a commercial vendor or an organizational CA is sufficient.

Certificate Requirements

The certificate must be in PEM format and should include both the certificate and the private key. Depending on the format of the certificate you acquire, conversion from other formats such as PKCS#12 or PFX may be required. Online examples and help for certificate conversion include:

An example using the openssl command line tool to convert a certificate from PFX to PEM format is shown here:

openssl pkcs12 -in my-certificate.pfx -out my-certificate.pem -nodes

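NOTE: The -nodes parameter is required here because the resulting PEM file cannot be password protected; -nodes writes the private key to the output file unencrypted. In OpenSSL 3.0 and later, -noenc is the preferred name for this option. Because the key is stored in clear text, treat the PEM file as sensitive.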

Updating the Certificate

Once you have a valid PEM file including the certificate and private key that is not password protected, replace the server.pem file found on the server hosting the Data Owner web service here:

%PROGRAMDATA%\OpenText\FileDynamics\DataOwnerWeb\config\server.pem

Typically this is located at:

C:\ProgramData\OpenText\FileDynamics\DataOwnerWeb\config\server.pem

  1. Using the Windows services manager, stop the fsfdataownerweb service.

  2. Replace the server.pem file with the updated certificate file, keeping the same name.

  3. Restart the fsfdataownerweb service.
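
The following PowerShell script is an added example, not part of the product documentation. It checks that the new PEM file holds a certificate and an unencrypted private key, then performs the three steps above. The source path in $NewPem is an assumption, as is running from an elevated prompt; the service name and target path are the ones given on this page.

```powershell
# Added example: $NewPem is an assumed location; service name and target path come from this page.
$ErrorActionPreference = 'Stop'

$NewPem  = 'C:\Temp\my-certificate.pem'   # assumption: output of the openssl conversion
$Target  = Join-Path $env:ProgramData 'OpenText\FileDynamics\DataOwnerWeb\config\server.pem'
$Service = 'fsfdataownerweb'

# Pre-flight 1: the file must contain a certificate and a private key that is not encrypted.
$pem = Get-Content -LiteralPath $NewPem -Raw
if ($pem -match '-----BEGIN ENCRYPTED PRIVATE KEY-----' -or $pem -match 'Proc-Type: 4,ENCRYPTED') {
    throw "Private key in $NewPem is password protected; convert again with -nodes."
}
if ($pem -notmatch '-----BEGIN (RSA |EC )?PRIVATE KEY-----') {
    throw "No private key block found in $NewPem."
}
if ($pem -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
    throw "No certificate block found in $NewPem."
}

# Pre-flight 2: decode the first certificate block and check its validity period.
$der  = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
$now  = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate '$($cert.Subject)' is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}
Write-Host "Installing '$($cert.Subject)' issued by '$($cert.Issuer)', expires $($cert.NotAfter)"

# Step 1: stop the service.
Stop-Service -Name $Service
try {
    # Keep the previous file for rollback. It contains the old private key,
    # so delete it once the new certificate is confirmed working.
    if (Test-Path -LiteralPath $Target) {
        Copy-Item -LiteralPath $Target -Destination "$Target.bak" -Force
    }
    # Step 2: replace server.pem, keeping the same name.
    Copy-Item -LiteralPath $NewPem -Destination $Target -Force
}
finally {
    # Step 3: restart the service even if the copy failed.
    Start-Service -Name $Service
}
Get-Service -Name $Service
```

After the service is back up, remove the temporary copy in $NewPem as well, since it also holds the unencrypted private key.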