Applying an SSL Certificate to a Vx Enterprise System
Pelco Video Management
An SSL Certificate + Private Key with either CN=Core VIP (if not using DNS) or CN=the hostname associated with the Core VIP (if using DNS)
Files need to be in PKCS12 (.pfx or .p12 file extension) or PEM format (.pem file extension).
Supplemental Technical Note:
- PEM files may or may not come with the .pem extension.
- To check if a certificate file is valid, open the file in a text editor; the contents should begin with a -----BEGIN line followed by base64-encoded characters. If the file extension is .txt, simply change it to .pem to convert.
- To combine an SSL Certificate with its Private Key file you can use the following example: cat server.crt server.key > server.YOUR_CERTIFICATE.pem
Installing an SSL Certificate depends upon the System Configuration. The steps below will guide you through Single and Dual Core Configurations.
Single Core Configuration Steps:
Step 1: Using a machine with OpenSSL installed, execute the following command: openssl pkcs12 -export -inkey YOUR_CERTIFICATE.pem -in YOUR_CERTIFICATE.pem -out YOUR_CERTIFICATE.p12
Step 2: When prompted, enter an export password for encrypting the .p12 file
Step 3: Copy the .p12 file to the following path C:\Program Data\Pelco\Core\core\config
Step 4: Open the vxcore.yml file at the following path C:\Program Data\Pelco\Core\core\config in a text editor and change the following lines below sslConnector:
Please see the example below for reference:
Edit and change to the following:
*Note: If the password contains special characters of any kind, you will need to enclose it in double quotes.
Step 5: Restart the VideoXpert Core Service
*Note: Restarting the Core Service will cause a very short outage on the system.
Installing an SSL Certificate on a cluster will require Steps 3-5 to be repeated on the Secondary Core as well as the following additional steps:
Step 6: Putty into the Accessory Server and enter the following command to gain root access: sudo root, then enter the necessary credentials
Step 7: If the Certificate + Private Key are in PKCS12 format, convert them to PEM with the following command: openssl pkcs12 -in YOUR_CERTIFICATE -out YOUR_CERTIFICATE.pem -nodes
Step 8: Enter the following commands to copy the PEM file to the correct places:
cp certAndPrivateKey.pem /etc/ssl/private/vxcore.pem
cp certAndPrivateKey.pem /usr/share/pelco/supportbox/haproxy/vxcore.pem
service haproxy restart
*Note: Restarting the haproxy service will cause a very short outage on the system.
Step 9: If you have a Secondary Accessory Server, Steps 6-9 must be repeated on the Secondary.
Step 10: After adding the Certificate, you must go to each Ops Center in the System and enable SSL Certificate Validation as seen below:
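Added example, not part of Pelco's procedure, relating to Steps 7-8 rather than the Ops Center setting: a shell pre-flight check that the combined PEM holds a certificate and an unencrypted private key that belong together, carries the expected CN, and has not expired, so a bad file is caught before haproxy is restarted. The function name, return codes and the sample host name in the usage line are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight check of a combined certificate + private key PEM
# before it is copied into the haproxy paths. The function name and return
# codes are this example's own; only standard openssl subcommands are used.
#
# Usage:   check_pem_bundle FILE EXPECTED_CN
# Returns: 0 ok, 1 no certificate, 2 no unencrypted key, 3 key/cert mismatch,
#          4 CN differs from EXPECTED_CN, 5 certificate expired
check_pem_bundle() {
    pem=$1
    want_cn=$2

    [ -r "$pem" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "$pem: no certificate block" >&2; return 1; }

    # The -nodes conversion writes the key unencrypted; a file whose key
    # header reads "ENCRYPTED PRIVATE KEY" is rejected here.
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" ||
        { echo "$pem: no unencrypted private key block" >&2; return 2; }

    # The public key in the first certificate of the file must equal the
    # public key derived from the private key ("-passin pass:" avoids a prompt).
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) || key_pub=
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "$pem: private key does not match certificate" >&2; return 3; }

    # The CN must be the Core VIP or the host name associated with it.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p' | head -n 1)
    [ "$cn" = "$want_cn" ] ||
        { echo "$pem: CN is '$cn', expected '$want_cn'" >&2; return 4; }

    # -checkend 0 fails if the certificate is already past its notAfter date.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "$pem: certificate has expired" >&2; return 5; }

    echo "$pem: OK (CN=$cn)"
}

# Run directly, e.g.: sh check_pem.sh certAndPrivateKey.pem vx.example.test
if [ "$#" -eq 2 ]; then
    check_pem_bundle "$1" "$2"
fi
```

A non-zero return identifies which check failed; the haproxy restart in Step 8 should only follow a return of 0.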