Using certificates (Non-GUI)

Connecting to FAS via the CLI 

  • Navigate to the FAS's bin directory e.g. cd <FAS_INSTALL_DIR>/bin
  • Start the JBoss CLI e.g. ./jboss-cli.sh
  • Using the 'connect' command, connect to the master host of the required FAS cluster, specifying its address and the management port e.g. connect <ADDRESS>:9999
  • When prompted for credentials, enter the appropriate username and password
  • To terminate a CLI session type: quit

NOTE: Once connected, use 'ctrl + backspace' to delete a command.

Generate CSR (This example is based on securing https; change to sips for SIP signalling)

The following command can be used to generate a CSR for https in main-loadbalancer-group:

/profile=management/subsystem=trustmgmt/identity-certificate-group=main-loadbalancer-group/identity-certificate=https/:generate-csr(password=changeit,subject-dn=CN=ngupta-la.cli.test,challenge-password=mypassword)

You can use the exact same command to generate a CSR for sips; just replace https with sips.

Import Signed Certificate

Once you receive the signed certificate from your CA, you can import it using the following command:

/profile=management/subsystem=trustmgmt/identity-certificate-group=main-loadbalancer-group/:import-certificate(name=https,password=changeit,cert-encoded=-----BEGIN CERTIFICATE----- encoded cert -----END CERTIFICATE-----)

NOTE: The certificate has to be all on one line, with no carriage returns, e.g.

/profile=management/subsystem=trustmgmt/identity-certificate-group=main-loadbalancer-group/:import-certificate(name=https,password=changeit,cert-encoded=-----BEGIN CERTIFICATE-----<BASE64_CERTIFICATE_BODY_ON_ONE_LINE>-----END CERTIFICATE-----)

You can use the exact same command to import a certificate for sips; just replace https with sips.
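
Flattening a CA-issued PEM file by hand is where the one-line requirement usually goes wrong. The following shell helper is an added example, not part of the original article or the vendor's tooling: it flattens a PEM file, rejects chain files and stray text, and prints the import-certificate command to paste into the CLI. The function names and the <PASSWORD> placeholder are assumptions; the layout, with the markers directly adjacent to the body, follows the example command above.

```shell
#!/bin/sh
# Added example, not vendor code: flatten_pem and import_cmd are hypothetical helpers.
PEM_BEGIN='-----BEGIN CERTIFICATE-----'
PEM_END='-----END CERTIFICATE-----'

# flatten_pem FILE: print the single certificate in FILE on one line, or fail.
flatten_pem() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # Keep marker-to-marker text only, then drop every CR and LF.
    flat=$(sed -n "/$PEM_BEGIN/,/$PEM_END/p" "$1" | tr -d '\r\n')
    case $flat in
        "$PEM_BEGIN"*"$PEM_END") ;;
        *) echo "no complete certificate in $1" >&2; return 1 ;;
    esac
    body=${flat#"$PEM_BEGIN"}
    body=${body%"$PEM_END"}
    # A chain file or stray text leaves non-base64 characters in the body.
    case $body in
        ''|*[!A-Za-z0-9+/=]*)
            echo "expected exactly one base64 certificate in $1" >&2
            return 1 ;;
    esac
    printf '%s%s%s\n' "$PEM_BEGIN" "$body" "$PEM_END"
}

# import_cmd FILE NAME [GROUP]: print the command to paste into the CLI.
# NAME is https or sips; <PASSWORD> is left as a placeholder to fill in there.
import_cmd() {
    case $2 in
        https|sips) ;;
        *) echo "name must be https or sips" >&2; return 1 ;;
    esac
    cert=$(flatten_pem "$1") || return 1
    printf '/profile=management/subsystem=trustmgmt/identity-certificate-group=%s/:import-certificate(name=%s,password=<PASSWORD>,cert-encoded=%s)\n' \
        "${3:-main-loadbalancer-group}" "$2" "$cert"
}

# Demo on a constructed (not real) certificate body with CRLF line endings.
demo=$(mktemp)
printf '%s\r\n' "$PEM_BEGIN" 'TUlJQ2NvbnN0' 'cnVjdGVkQQ==' "$PEM_END" > "$demo"
import_cmd "$demo" https
rm -f "$demo"
```

Leaving the password as a placeholder keeps it out of shell history and out of any file the generated command is saved to.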

Generate Key Pair

If you need to generate a new key pair, you may do so using the following command, changing the input values in bold:

/profile=management/subsystem=trustmgmt/identity-certificate-group=main-loadbalancer-group/:generate-keypair(expiry-date=2024-10-10,subject-dn=cn=192.168.8.99)

Delete an existing Key Pair

/profile=management/subsystem=trustmgmt/identity-certificate-group=main-loadbalancer-group/identity-certificate=https/:remove(password=changeit)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => {"mgmt-server-group" => {"host" => {"master-cs-fcsdk" => {"management" => {"response" => {"outcome" => "success"}}}}}}
}

View an installed certificate

If you need to view an imported cert, you can do so with the following command (this is based on the https cert; swap to sips for the signalling cert):

/profile=management/subsystem=trustmgmt/identity-certificate-group=main-loadbalancer-group/identity-certificate=https/:get-certificate-details(password=changeit)

 

 

 
