Description: This article explains how to change the default SSL self-signed certificate, RSA private key and cipher list to use your own security parameters when encryption is enabled between the RHA engines.
Solution: First you must enable encryption in your scenario, this option appears in version 16.1.1 or later, to enable encryption follow the following article: https://arcserve.zendesk.com/hc/en-us/articles/202042289 .
Once encryption is enabled, follow the following instructions to choose your own security method:
- If there are running scenarios that are currently using the Engines for which you want to change the security method, stop them through CA ARCserve RHA Manager.
- Log in to the Master and Replica host where the Engine is running.
- In the Services dialog, stop the Engine service on both the Master and Replica servers.
- Using Windows Explorer, browse to Engine installation directory, where the ws_rep.cfg file is located.
Note: The default installation directory is: C:\Program Files\CA\ARCserveRHA\Engine.
- Open the ws_rep.cfg file with WordPad or another text editor.
Note: We do not recommend using Notepad, due to its limited view options.
- Do the following in the ws_rep.cfg file:
- Find the # SSLSelfSignedCertificate = '[INSTALLDIR]/cacert.pem' section.
- Change the SSLSelfSignedCertificate = '[INSTALLDIR]/cacert.pem' to reflect the name of the SSL self-signed certificate that you want to use and remove the # symbol at the beginning of the line.
- Find the # SSLRSAPrivateKey = '[INSTALLDIR]/cakey.pem' section.
- Change the SSLRSAPrivateKey = '[INSTALLDIR]/cakey.pem' to reflect the name of RSA private key that you want to use and remove the # symbol at the beginning of the line.
- Save the ws_rep.cfg file.
Important! While the configuration files on the Master and Replica servers can be different, you must ensure that the parameters you use to change the security method be identical in both the Master and Replica servers' ws_rep.cfg file.
The Engine security method is changed in the ws_rep.cfg file.
- Start the Engine Service on both the Master and Replica.
- Open the Manager, highlight the scenario, and restart it.
Note: If the SSL self-signed certificate and RSA private key fail to load, the default setting is used and a warning message will display in the CA ARCserve RHA Manager.
More information: If you are not on version 16.1.1 or later and would like to obtain the latest version you can download 16.1.2 from the following location: http://downloads.arcserve.com/ARCserveRHA/r16SP2/GA/CA_RHA_r16SP2.zip