Version

Argent Omega – All Versions

Date

Thursday, 27 June 2024

Summary

Argent Omega uses self-signed certificate by default. Certificate is used in two areas:

1. Communication between Generators, especially remote Secondary Generators and Offload Generators.
2. Argent Web Reverse Proxy Service

Though self-signed certificates are safe enough for most internal usage cases, customers might want to use commercial certificates instead.


A commercial certificate is usually provided as password protected PFX file. However, it must be converted to one public key .crt) file and one private key (*.key) before being used in Argent Omega.

The conversion requires the OPENSSL package, which is available out-of-box for various Linux distributions. The easiest way for most Windows users is to use WSL (Windows Subsystem for Linux) on Windows 10 or 11.

1. Run ‘WSL –install’ on Windows 10 or 11 if WSL is not installed yet. Reboot is required after installation.
2. Copy PFX to Linux tmp folder.
   
   
   
3. Open Terminal session and change to /tmp.
   
   
   Click For Full Size
4. Run command to export public key file.
   
   openssl pkcs12 -in {your_certificate}.pfx -nokeys -out {your_certificate}.crt
   
   Note: Replace with appropriate file names in the commands.
5. Run command to export private key file
   
   openssl pkcs12 -in {your_certificate}.pfx -nocerts -out {your_certificate}.key -nodes
6. Copy both public key file (*.crt) and private key file (*.key) to folder
   
   \Argent\ArgentOmega\CERT at Primary Generator machine.

Now it is time to update Argent Omega configuration files to use the commercial certificate.

\Argent\ArgentOmega\ArgentOmegaMain.exe.config

\Argent\NGINX\nginx-1.17.10\conf\nginx.conf

Note: Remember to restart Argent Omega services at Primary Generator to allow new configurations to take effect.

Technical Background

N/A

Resolution

Upgrade to Argent Omega 2.2A-2404-B or later.