Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Avamar 19.2: How to install CA Signed certificate using AUI

Summary: This KB describes how to install certificate using AUI for version 19.2.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Instructions

This article is for Avamar 19.2.x.  

Task details:   
The following procedure creates, import the private key and its certificate, distribute the key and certificate into each component (avinstaller, aam/flr/dtlt, mcsdk, rmi and AUI), and then import all levels of trusted certificates into your certificate chain, resulting in the replacement of the listed component's certificates.

Steps to install certificate using AUI:  
  1. Log in to Avamar PuTTY as admin user.
  2. Create a certs directory under /home/admin and switch to /home/admin/certs directory with commands:   
mkdir certs
cd certs
  1. Generate PKCS1 formatted RSA private key: 
openssl genrsa -out private_key.pem 3072
  1. Switch to root user and cd to the certs directory:
su -
cd /home/admin/certs
  1. Generate the certificate signing request (csr), using the generated private key. This command specifies a subject alternative name extension which is automatically filled with the fully qualified domain name of the Avamar server and the shortname.
    openssl req -newkey rsa:3072 -sha256 -key private_key.pem -days 3650 -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS: $(hostname -f),DNS: $(hostname)")) -out signing_request.csr
    
    Example of filling in Distinguished Name information:
    
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:California
    Locality Name (eg, city) []:Irvine
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dell Technologies
    Organizational Unit Name (eg, section) []:Avamar Support
    Common Name (e.g. server FQDN or YOUR name) []:avamarlab.dell.com
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
  2. Change ownership of the signing request to admin:
    chown admin:admin /home/admin/certs/signing_request.csr
  3. Send signing_request.csr to CA and get it signed. Ensure that all certs received from CA are in PEM format. Assuming you have received signed certificate as avamar_server.crt, get root and intermediate certs from CA as well.
  4. Copy the private_key.pem from /home/admin/certs to desktop. Place signed cert (avamar_server.crt), combine root cert and intermediate cert in a ca.crt file, and place on desktop.
  5. Open AUI page in browser with Fully Qualified Domain Name (FQDN):    
https://fqdn_of_avamar/aui 
  1. In the AUI, go to Administration > System > Certificate tab > Private Key tab. A private certificate entry for the Web Server appears in the table.
  2. Click the radial button next to the Web Server entry > Click +REPLACE tab. The Replace Private Entry wizard displays.
  3. In the Private Key field, click Browse to locate and select your certificate's private key. In our case, it is private_key.pem placed on desktop. 
  4. In the Certificate field, click Browse to locate and select your certificate file. It should be avamar_server.crt.
  5. (Optional) If the private key is protected, provide the passphrase, otherwise leave it blank and click Next.
  6. Certificate validation is initiated. If the validation fails (for example, if you selected private_key.pem for the private key and ca.crt for the certificate), a message displays indicating the private key and certificate do not match.
  7. When validation completes successfully, click FINISH.
  8. Under the Certificate tab, select the Trust Certificate tab > click +IMPORT. The Import Certificate wizard displays.
  9. In Alias field, provide any alias names, example: trustedCA. In the File field, click BROWSE to locate and import the appropriate trusted certificate. In our case, it is ca.crt on desktop. Click NEXT.
  10. Click FINISH. After the import completes, review the trusted certificate details under the Trust Certificate tab.
  11. Click RESTART SERVICES to apply certificate, and then click YES to verify you want to restart these services.
(Note: It restarts Apache Tomcat and MCS).

Products

Avamar
Article Properties
Article Number: 000158014
Article Type: How To
Last Modified: 29 May 2023
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.