Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000158014

Avamar 19.2: How to install CA Signed certificate using AUI

Summary: This KB describes how to install certificate using AUI for version 19.2.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Instructions

This article is for Avamar 19.2.x.  

Task details:   
The following procedure creates, import the private key and its certificate, distribute the key and certificate into each component (avinstaller, aam/flr/dtlt, mcsdk, rmi and AUI), and then import all levels of trusted certificates into your certificate chain, resulting in the replacement of the listed component's certificates.

Steps to install certificate using AUI:  
  1. Log in to Avamar PuTTY as admin user.
  2. Create a certs directory under /home/admin and switch to /home/admin/certs directory with commands:   
mkdir certs
cd certs
  1. Generate PKCS1 formatted RSA private key: 
openssl genrsa -out private_key.pem 3072
  1. Switch to root user and cd to the certs directory:
su -
cd /home/admin/certs
  1. Generate the certificate signing request (csr), using the generated private key. This command specifies a subject alternative name extension which is automatically filled with the fully qualified domain name of the Avamar server and the shortname. 
    openssl req -newkey rsa:3072 -sha256 -key private_key.pem -days 3650 -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS: $(hostname -f),DNS: $(hostname)")) -out signing_request.csr

Example of filling in Distinguished Name information:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Irvine
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dell Technologies
Organizational Unit Name (eg, section) []:Avamar Support
Common Name (e.g. server FQDN or YOUR name) []:avamarlab.dell.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  2. Change ownership of the signing request to admin: 
    chown admin:admin /home/admin/certs/signing_request.csr
  3. Send signing_request.csr to CA and get it signed. Ensure that all certs received from CA are in PEM format. Assuming you have received signed certificate as avamar_server.crt, get root and intermediate certs from CA as well.
  4. Copy the private_key.pem from /home/admin/certs to desktop. Place signed cert (avamar_server.crt), combine root cert and intermediate cert in a ca.crt file, and place on desktop.
  5. Open AUI page in browser with Fully Qualified Domain Name (FQDN):    
https://fqdn_of_avamar/aui 
  1. In the AUI, go to Administration > System > Certificate tab > Private Key tab. A private certificate entry for the Web Server appears in the table.
  2. Click the radial button next to the Web Server entry > Click +REPLACE tab. The Replace Private Entry wizard displays.
  3. In the Private Key field, click Browse to locate and select your certificate's private key. In our case, it is private_key.pem placed on desktop. 
  4. In the Certificate field, click Browse to locate and select your certificate file. It should be avamar_server.crt.
  5. (Optional) If the private key is protected, provide the passphrase, otherwise leave it blank and click Next.
  6. Certificate validation is initiated. If the validation fails (for example, if you selected private_key.pem for the private key and ca.crt for the certificate), a message displays indicating the private key and certificate do not match.
  7. When validation completes successfully, click FINISH.
  8. Under the Certificate tab, select the Trust Certificate tab > click +IMPORT. The Import Certificate wizard displays.
  9. In Alias field, provide any alias names, example: trustedCA. In the File field, click BROWSE to locate and import the appropriate trusted certificate. In our case, it is ca.crt on desktop. Click NEXT.
  10. Click FINISH. After the import completes, review the trusted certificate details under the Trust Certificate tab.
  11. Click RESTART SERVICES to apply certificate, and then click YES to verify you want to restart these services.
(Note: It restarts Apache Tomcat and MCS).

Article Properties

Product

Avamar

Last Published Date

29 May 2023

Version

6

Article Type

How To

Back to Top