Skip to main content

 

Druva Documentation

How to validate the integrity of the SSL Certificate

Overview 

The SSL Certificate in inSync includes a private key and a certificate that you receive from Certification Authority (CA). When you create a custom certificate, the newly generated certificate may contain errors. If such a certificate is uploaded on the inSync Server, you cannot access the inSync Admin Console.

It is recommended to validate the integrity of certificate integrity to avoid any unscheduled downtime.

Procedure

  1. Create a certificate. Refer to the article

  2. Save the certificate in the .PEM format. Consider you have saved your certificate as new_inSync_Cert.pem.

Note: If you have the certificate saved in the text format, you can change the extension from *.TXT to *.PEM.

  1. Copy the new_inSync_Cert.pem certificate to OpenSSL's bin directory. The default OpenSSL directory is C:\OpenSSL-Win32\bin or C:\OpenSSL-Win64\bin.
  2. Open Command Prompt with elevated rights and navigate to the bin directory.
  3. Type the following command:
openssl.exe s_server -cert <certname> -www

For example:

openssl.exe s_server -cert new_inSync_Cert.pem -www
  1. Keep the command prompt up and running.
  2. Open a Web browser and type the following URL: https://<FQDN>:4433/

Note: The FQDN is the DNS name for which the certificate is created. The port 4433 is utilized by the OpenSSL server and is valid until the command prompt is up and running.

  1. Verify the certificate from the browser.
  • If there is no error, you will find the HTTPS in green and the certificate capabilities will be printed in the browser window.
  • If there is an error, the same will be printed in the OpenSSL Command Prompt.
  1. Once the certificate is validated, you can use this certificate to load in the inSync Server.