  1. Log in to the CMX via SSH with username cmxadmin. Server IP for rla: 10.21.120.163; server IP for aami: 10.21.120.162.
  2. Create a CSR with the following command:

cmxctl config certs createcsr

 

$ cmxctl config certs createcsr
For SAN field of CSR, enter FQDN for CMX server
.mopc.vic.gov.au
Key-type is RSA, so generating RSA key with length 4096
Generating RSA private key, 4096 bit long modulus
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: AU
State or Province Name (full name) [Some-State]: Victoria
Locality Name (eg, city) []: Melbourne
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Melbourne and Olympic Park
Organizational Unit Name (eg, section) []: IT
Common Name (e.g. server FQDN or YOUR name) [.mopc.vic.gov.au]: .mopc.vic.gov.au
Email Address []: admin@mopc.vic.gov.au
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: MOPT1234
An optional company name []: MOPI
The CSR is stored in : /opt/cmx/srv/certs/cmxservercsr.pem
The Private key is stored in: .pem
Please copy/move these files to home directory.

 

  3. View the CSR file with the following command:

cat /opt/cmx/srv/certs/cmxservercsr.pem

  4. Copy the CSR and request a certificate from DigiCert.

[Screenshot: DigiCert "Request Duplicate certificate for Order" page (Basic OV). The CSR is pasted into the "Add your CSR" box; the Common name / SANs fields show aami-cmx-01 and rla-cmx-01.]


 


  5. Bundle the private key with the signed certificate into a .pem file. Copy and paste them as follows:

 -----BEGIN RSA PRIVATE KEY----- < Private Key
 MIIEpAIBAAKCAQEA2gXgEo7ouyBfWwCktcYo8ABwFw3d0yG5rvZRHvS2b3FwFRw5
 ...
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE----- < Signed certificate
 MIIFEzCCAvugAwIBAgIBFzANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 ...
 -----END CERTIFICATE-----

  6. Bundle the intermediate and root CA certificates into a .crt file. Copy and paste them as follows:

 -----BEGIN CERTIFICATE----- < Intermediate CA certificates
 ...
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE----- < The root CA certificate
 MIIGqjCCBJKgAwIBAgIJAPj9p1QMdTgoMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 ...
 -----END CERTIFICATE-----

 


  7. View the private key with the following command:

cat /opt/cmx/srv/certs/cmxserverkey.pem


  8. Upload the combined certificate with WinSCP.

[Screenshot: WinSCP session cmxadmin@10.21.120.163, with rla-cmx-01.pem uploaded from the local Desktop to /home/cmxadmin/.]

 


  9. Clear the current certificate by running the following command:

cmxctl config certs clear

  10. Import the intermediate certificate:

cmxctl config certs importcacert CARoot.crt

  11. Import the server certificate:

cmxctl config certs importservercert rla-cmx-01.pem
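
The following pre-import check is an added example, not part of the original procedure or of Cisco's tooling: before step 9 clears the current certificate, it confirms that the private key and signed certificate in the server .pem belong together, that the certificate verifies against the CA .crt bundle, and that it covers the CMX FQDN. It uses only standard openssl commands; the throwaway CA, the demo file names and the host name cmx.example.test are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original procedure): pre-import bundle check.
# Usage: check_cmx_bundle SERVER_PEM CA_CRT FQDN
# Returns 0 = OK, 1 = key/cert mismatch, 2 = chain fails, 3 = FQDN not covered.
check_cmx_bundle() {
  local pem=$1 ca=$2 fqdn=$3 keypub certpub
  # Public key derived from the private key block in the server bundle.
  keypub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
  # Public key embedded in the signed certificate in the same bundle.
  certpub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$keypub" ] && [ "$keypub" = "$certpub" ] || return 1
  # The server certificate must verify against the intermediate + root bundle.
  openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 || return 2
  # The certificate must cover the name clients connect to.
  openssl x509 -in "$pem" -noout -checkhost "$fqdn" 2>/dev/null \
    | grep -q 'does match' || return 3
  return 0
}

# Constructed demo material: a throwaway CA and server key in directory $1.
# cmx.example.test is a placeholder host name, not a value from this page.
make_demo_bundles() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed Root' \
    -keyout "$d/ca.key" -out "$d/CARoot.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=cmx.example.test' \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:cmx.example.test\n' > "$d/san.ext"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/CARoot.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/srv.crt" 2>/dev/null
  cat "$d/srv.key" "$d/srv.crt" > "$d/server.pem"      # private key, then cert
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
  cat "$d/other.key" "$d/srv.crt" > "$d/mismatch.pem"  # wrong key on purpose
}

demo=$(mktemp -d)
make_demo_bundles "$demo"
check_cmx_bundle "$demo/server.pem" "$demo/CARoot.crt" cmx.example.test \
  && echo "server.pem: key, chain and host name all check out"
check_cmx_bundle "$demo/mismatch.pem" "$demo/CARoot.crt" cmx.example.test \
  || echo "mismatch.pem: rejected with code $?"
rm -rf "$demo"
```

On the CMX itself the same function would be called from /home/cmxadmin/ with rla-cmx-01.pem, CARoot.crt and the server's FQDN as its three arguments.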