Create a new self-signed certificate

Portal Dedicated configuration

The Portal Dedicated supplies a script to generate a new self-signed certificate.

The script is createSelfSignedCertificateKeystore.sh in the scripts directory.

./scripts/createSelfSignedCertificateKeystore.sh [comma separated domain names] [comma separated ip addresses]

It will backup the old controller.keystore.p12, and generate a new one based on details provided.

For example:

To create a certificate for domain names ‘example.com’ and ‘localhost', with IP addresses ‘192.168.0.1’ and '12.34.56.1’, run the scripts with inputs:

./scripts/createSelfSignedCertificateKeystore.sh example.com,localhost 192.168.0.1,12.34.56.1

The output of the script will confirm the SANs values used to create the certificate e.g.:

Creating certificate with SAN DNS: dns:example.com,dns:localhost
Creating certificate with SAN IPS: ip:192.168.0.1,ip:12.34.56.1
Generating 2,048 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 3,650 days for: CN=CA
The certificate keystore has been backed up to /opt/waratek/controller.keystore.p12.backup.2025-03-24-12-47-12
And a new certificate keystore has created at /opt/waratek/controller.keystore.p12
If the Portal is running it needs to be restarted: sudo systemctl restart portal

The domain and IP address provided as input to the script need to match the server the Portal Dedicated is installed on to satisfy Chrome and certain other browsers that no longer check the Common Field value and look for SAN values.

The Portal Dedicated needs to be restarted for the new certificate to take effect:

sudo systemctl restart portal

You have successfully reached Milestone Progress Checkpoint #2