Backing up or Restoring CA-signed Certificates

For security reasons, the normal backup of the DSC - SP2000 Platform configuration does not contain the CA-signed configuration of the Web UI. 

Backing up CA-signed certificates from the Management CPU

Use the following procedure to ensure your certificates and the associated private keys are backed up. 

To back-up CA-signed certificates

1. As a root user, SSH to the Management CPU. 
      

2. At the Linux prompt, change directories by entering the following command:

   cd /opt/cpu_ss7gw/current/scripts

3. Backup private keys and certificates by entering the following command:

   ./DSCCertMgr.py --dbg --mode="exportPKCS12"

4. When prompted for an Export Password, create a password.

   The password will be used when performing a restore operation.

5. Copy the backup file CA-signed configuration keyStore.pfx off the management node. 

    

6. Delete keyStore.pfx on the management node. 

   rm -f /opt/cpu_ss7gw/current/www/ca/keyStore.pfx

Restoring CA-signed certificates to the Management CPU

To restore the private keys and certificates backed up into .pfx file use the following procedure:

To restore CA-signed certificates

1. As a root user, SSH to the Management CPU.
        

2. At the Linux prompt, change directories by entering the following:

   cd /opt/cpu_ss7gw/current/scripts

3. Copy the backup file to the management node (see the following example).

   In the following example, it is assumed keyStoreFromMay.pfx is the backup file you are copying from your machine to the management node.

   scp keyStoreFromMay root@<IP address of Mgmt CPU>:/opt/cpu_ss7gw/current/www/ca/

4. Restore the configuration by entering the following:

   /opt/cpu_ss7gw/current/scripts/DSCCertMgr.py --dbg --mode="importPKCS12"
    --pfx_file="/opt/cpu_ss7gw/current/www/ca/keyStoreFromMay.pfx"

5. When prompted for Import Password, enter Export Password set during backup. 

   You will be prompted to the password three times.

   
   

6. Verify access on all three DNS.