SeaCat Gateway Certificate Renewal

When the SeaCat Gateway Certificate about to end, it is necessary to run a renewal procedure.

1. Backup of old certificate

# cp /opt/seacat/etc/gateway_cert.pem /opt/seacat/etc/gateway_cert_old.pem

2. Create CSR with inputs related to the installation. Common Name has to be the same as before. Other fields can change, but it is not recommended.

# openssl req -out /opt/seacat/etc/gateway_csr.pem -key /opt/seacat/etc/gateway_key.pem -new

Country Name (2 letter code) [AU]: Country (e.g. UK)
State or Province Name (full name) [Some-State]: State (e.g. Great-Britain)
Locality Name (eg, city) []: City (e.g. London)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Company Name (e.g. My Company Ltd)
Organizational Unit Name (eg, section) []: Company Unit Name (e.g. CRM Mobile)
Common Name (e.g. server FQDN or YOUR name) []: Gateway Name (e.g. gw-crm.s.seacat.mobi or gw-mobile-security.s.seacat.mobi)
Email Address []: Contact email address (e.g. support@mycompany.com)
A challenge password []:
An optional company name []:

3. Copy all Certificate Signing Request texts from start to end, paste them into a new mail and send them to support@teskalabs.com with CSR request: + Common Name as an email subject:

# cat /opt/seacat/etc/gateway_csr.pem

An example of copied text:

-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
...
...
...
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----

4. Copy and paste SeaCat Gateway Certificate you received via email into the console:

# cat > /opt/seacat/etc/gateway_cert.pem

An example of SeaCat Gateway Certificate to copy:

-----BEGIN CERTIFICATE-----
MIIGBzCCA++gAwIBAgIEAuQ0BDANBgkqhkiG9w0BAQwFADCBnjELMAkGA1UEBhMC
Q1oxFzAVBgNVBAgMDkN6ZWNoIFJlcHVibGljMQ8wDQYDVQQHDAZQcmFndWUxFDAS
IB7UbxOMrCG/fAedZZ93ImwxCenjDM+EMdXT8Atu+rwhdW4RdLG1b66kAqwVmnAs
...
...
...
HUI8Eps13fpbl/ehac32PlJ+LLXwbk/R3E35H19lVVetWvE/0FxI325Vab5HwJmr
To+c/nv6jKXzy6rYWvjAvx1AeepBie56TQSOHwTHbTykDDKSB7fbfJGpYBjBisYV
sO8a5EyYbTKQlMbfNcJHltJukKpMcLwolV4rbpyP7bVNsMnKDALw3P1YDkIMSNhA
dY8RsP6GWCAEGa8=
-----END CERTIFICATE-----

5. Press Enter to create the file and CTRL-D simultaneously to continue.

6. Restart SeaCat Gateway

# sudo service seacatd restart

Found a mistake? Please contact us.