Configure HTTPS for Enterprise Console in SAN Deployments

To configure HTTPS for the Enterprise Console deployed for a Subject Alternative Name (SAN) on AWS, you will need to generate keys from the san.cnf file. The instructions below show you how to enter multiple hostnames and aliases for the Enterprise Console in the san.cnf file and then generate the keys with it.

  1. Create your san.cnf file for the SAN. In the following example san.cnf file, multiple domain names and aliases are defined in [ alt_names ].
    [ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no
[ req_distinguished_name ]
countryName           = IN
stateOrProvinceName   = Karnataka
localityName          = Bangalore
organizationName      = Appdynamics
commonName            = ECserver
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = ECserver.com
DNS.2   = ECserver.secondary.com
DNS.3   = ECserver.alias1.com
DNS.4   = ECserver.alias2.com
IP.1        = 10.10.10.10
IP.2        = 10.10.10.9
  2. Using the san.cnf file, generate the private key and CSR with the following openssl command:
    openssl req -new -newkey rsa:2048 -nodes -out sslcert.csr -keyout private.key -config san.cnf
  3. Check the CSR to confirm the SANs are correct:
    openssl req -noout -text -in sslcert.csr | grep DNS
openssl req -noout -text -in sslcert.csr | grep IP
  4. Sign the CSR by a certified authority (CA).
  5. Update the certificate for the Enterprise Console:
    ./platform-admin.sh update-certificate --private-key <privateKeyfile> --ssl-cert <sslCertFile> --ssl-chain <sslChainfile1> <sslChainfile2> <...>