v19

Introduction

Starting with revision 20190627.1746, released on 6/27/2019, the method of importing TLS certificates has changed. Instead of importing them from the CLI, certificates are imported from the Admin Dashboard.


Accessing the Admin Dashboard

To connect to the Admin Dashboard, open a web browser and connect to https://<netLD-IP>:8443. Replace <netLD-IP> with your appliance’s IP address or resolvable hostname.


If this is your first time connecting to the Admin Dashboard, you will need to create an “API Token” (password). If you are reconnecting to the Admin Dashboard, you will need the “API Token” (password) that was previously entered.

  • Enter your API Token and click “Login”.
  • If this is your first visit to the Admin Dashboard, select "API Token Setup".
  • To set your new API Token, enter an API Token (password) of your choice, confirm it, and then click the “Update” button. You will need to remember your API Token for future access.

Importing the TLS Certificate

To import your TLS certificate, you will need the following files:

File: Public Certificate (PEM)

Example: cert.pem

-----BEGIN CERTIFICATE-----

MIIDWzCCAkOgAwIBAgIJAJaJvqXaQ49GMA0GCSqGSIb3DQEBB

BAYTAlVTMRIwEAYDVQQIDAlDb25mdXNpb24xITAfBgNVBAoMp

Many lines like the above/below 

m0eLjosIIMqcA+CqVyAK4Yn5T8pCs/FkUqOUVFUWx+EQ724Xh

f4xAq5kjj5DTPIw6CmmcWaxDaLWi2NUPUZMIUyJIo+U3n6YM=

-----END CERTIFICATE-----

File: Private Key (RSA un-encrypted)

Example: private.key

-----BEGIN RSA PRIVATE KEY-----

MIIEpQIBAAKCAQEAuPBe4tw/OjwQtyUXtEZ6PGCB7qbFy8CXc

PIYseTmjd/ff81LalV9UllzxnyQEmu6eTYQtFsvDdmlwnzE4e

Many lines like the above/below 

QPfqHrWiGgFVnrM71IYo5J83pAjucdqgyQrq362qgeP2LQo9B

RdAbXV3YAC+v7ZwsIzQkLxx20FIMMtPriphEsdak=

-----END RSA PRIVATE KEY-----

File: CA Certificate (PEM, optional)

Example: cacert.pem

-----BEGIN CERTIFICATE-----

MIIDWzCCAkOgAwIBAgIJAJaJvqXaQ49GMA0GCSqGSIb3DQEBB

BAYTAlVTMRIwEAYDVQQIDAlDb25mdXNpb24xITAfBgNVBAoMp

Many lines like the above/below 

m0eLjosIIMqcA+CqVyAK4Yn5T8pCs/FkUqOUVFUWx+EQ724Xh

f4xAq5kjj5DTPIw6CmmcWaxDaLWi2NUPUZMIUyJIo+U3n6YM=

-----END CERTIFICATE-----


  • After logging in, select “Update” from the top menu, then “TLS Certificates”.
  • Click on “Choose File” and select your cert file.
  • Click on “Choose File” and select your key.
  • Optional: click on “Choose File” and select your cacert file.
  • Click “Upload”.
  • The display will update to show success or failure. (If the status stalls after clicking “Upload”, refresh the screen.)
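
A pre-upload check for the three files listed above, as an added example that is not part of the original article or the vendor's tooling: it confirms the key is un-encrypted, the certificate is readable and unexpired, the key matches the certificate, and (optionally) the certificate chains to the CA file. The function names, messages and exit codes are assumptions; the sample pair is constructed with openssl so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): sanity-check the files before uploading them.
# Function names, messages and exit codes are hypothetical.

check_tls_pair() {  # usage: check_tls_pair cert.pem private.key [cacert.pem]
  local cert="$1" key="$2" ca="${3:-}" cert_pub key_pub

  # The page calls for an un-encrypted key: reject passphrase-protected PEM.
  if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$key"; then
    echo "FAIL: private key is passphrase-protected" >&2; return 2
  fi

  # The certificate must parse as PEM X.509 and must not be expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate unreadable or expired" >&2; return 3; }

  # Key and certificate belong together only if their public keys are identical.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match certificate" >&2; return 4
  fi

  # Optional: confirm the certificate chains to the supplied CA file.
  if [ -n "$ca" ]; then
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
      || { echo "FAIL: certificate does not chain to CA file" >&2; return 5; }
  fi
  echo "OK: certificate, key and CA file are consistent"
}

# Constructed sample input: throwaway self-signed pair so the demo runs offline.
make_sample_pair() {  # usage: make_sample_pair <dir> <name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d)
  make_sample_pair "$d" a && make_sample_pair "$d" b
  check_tls_pair "$d/a.pem" "$d/a.key" "$d/a.pem" || echo "rejected ($?)"
  check_tls_pair "$d/a.pem" "$d/b.key"            || echo "rejected ($?)"
  rm -rf "$d"
}
demo
```

With real files, call check_tls_pair cert.pem private.key cacert.pem and upload only when it prints OK.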


v16 & 18


To import your TLS certificate, you will need a new or existing PKCS#12 key, either from a certificate authority or self-generated. To use this file in netLD, follow these steps.


In the command examples below, PFX_FILE is the key file name and KEY_NAME is the name of the key in the PKCS#12 file.


Virtual Appliance:

[tcadmin@netld]$ sudo /usr/share/netld/java/bin/keytool -importkeystore -srcstoretype pkcs12 -destkeystore /data/netld/.keystore -deststoretype pkcs12 -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>



After updating the certificate, the virtual appliance must be restarted for the new certificate to take effect.


If you don't know the KEY_NAME in the existing key file, you can run this command and it will show you the name as the "FriendlyName":

[tcadmin@netld]$ openssl pkcs12 -info -in <PFX_FILE> -nokeys

If you need to delete the existing SSL certificate, enter the following command:

[tcadmin@netld]$ sudo /usr/share/netld/java/bin/keytool -delete -alias ziptie -keystore /data/netld/.keystore



Linux:

[root@netld]# cd /usr/share/netld

[root@netld]# keytool -importkeystore -srcstoretype pkcs12 -destkeystore config/.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>


If you don't know the KEY_NAME in the existing key file, you can run this command and it will show you the name as the "FriendlyName":

[root@netld]# openssl pkcs12 -info -in <PFX_FILE> -nokeys

If you need to delete the existing SSL certificate, enter the following command:

[root@netld]# keytool -delete -alias ziptie -keystore config/.keystore -storepass ziptie

To import a PEM file instead of a PFX file:


[root@netld]# keytool -import -alias ziptie -keystore config/.keystore -file <PEM_FILE>

After replacing the file, please restart the netld service.

Windows:

Open a cmd.exe shell as Administrator and execute the following command in the Net LineDancer installation directory:


C:\Program Files\Net LineDancer> java\bin\keytool -importkeystore -srcstoretype pkcs12 -destkeystore config\.keystore -deststoretype jks -deststorepass ziptie -destalias ziptie -destkeypass ziptie -srckeystore <PFX_FILE> -srcalias <KEY_NAME>

If you don't know the KEY_NAME in the existing key file, you can run this command and it will show you the name as the "Alias name":


C:\Program Files\Net LineDancer> java\bin\keytool -v -list -storetype pkcs12 -keystore <PFX_FILE>

If you need to delete the existing SSL certificate, enter the following command:

C:\Program Files\Net LineDancer> java\bin\keytool -delete -alias ziptie -keystore config\.keystore -storepass ziptie


After replacing the file, please restart the netld service.