Tutorial: Recovering SSL Web Certificates from the Config DB

Abstract

How to retrieve SSL web certificates installed on an Access Server.

Overview

Occasionally, users may need to extract SSL web certificates from their Access Server, whether to reuse them elsewhere, back them up, or transfer them to a new installation. Because Access Server stores these files in SQLite3 format within its configuration database rather than as separate files, retrieving them can be challenging. This guide provides steps to extract the SSL certificate data and store it separately. Note that this guide is relevant only for those who have installed a commercial SSL certificate with private key and intermediary (CA) bundle files on their Access Server and need to recover them.

  • An installed Access Server.

  • An installed commercial SSL certificate with private key and intermediary (CA) bundle files.

  • Console access with root privileges.

  1. Connect to your console with root privileges.

  2. Switch to the scripts directory:

    cd /usr/local/openvpn_as/scripts/

  3. Open your CA bundle:

    ./confdba -gk "cs.ca_bundle"

  4. Scroll up, if necessary, and copy everything from the first BEGIN CERTIFICATE line through the last END CERTIFICATE line.

  5. Paste the contents into a text editor and save the file as ca.pem.

  6. Open your private key:

    ./confdba -gk "cs.priv_key"

  7. Scroll up, if necessary, and copy everything from the BEGIN RSA PRIVATE KEY line through the last END RSA PRIVATE KEY line.

  8. Paste the contents into a text editor and save the file as server.key.

  9. Open your server certificate file:

    ./confdba -gk "cs.cert"

  10. Scroll up, if necessary, and copy everything from the first BEGIN CERTIFICATE line through the last END CERTIFICATE line.

  11. Paste the contents into a text editor and save the file as server.crt.

    • You now have a backup of the files originally submitted to Access Server and installed.
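
The same steps can be scripted so the private key never passes through the clipboard or a world-readable file. The sketch below is an added example, not part of the original tutorial or of Access Server. It assumes `confdba -gk` writes the stored value to standard output as the steps above imply; the `CONFDBA` override and the backup directory name are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# CONFDBA is a hypothetical override used for testing; it defaults to ./confdba.

# Keep only complete PEM blocks, dropping any text printed around them
# and any carriage returns or leading whitespace on the lines.
pem_blocks() {
    awk '{ sub(/\r$/, ""); sub(/^[ \t]+/, "") }
         /^-----BEGIN [A-Z0-9 ]+-----$/ { keep = 1 }
         keep { print }
         /^-----END [A-Z0-9 ]+-----$/ { keep = 0 }'
}

# Print the number of PEM blocks in a file (a CA bundle may hold several).
pem_count() {
    grep -c '^-----BEGIN ' "$1" || true
}

# save_pem KEY FILE: write the PEM blocks of one config key to FILE.
# The subshell body keeps umask 077 local, so a new file is owner-only at once.
save_pem() (
    umask 077
    "${CONFDBA:-./confdba}" -gk "$1" | pem_blocks > "$2"
    chmod 600 "$2"                   # also tighten a file that already existed
    [ "$(pem_count "$2")" -gt 0 ]    # fail if no PEM block came back
)

# Succeed only if the key and the certificate hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# recover_all DIR: steps 3 to 11 in one pass, then the consistency check.
recover_all() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    save_pem cs.ca_bundle "$1/ca.pem"     || return 1
    save_pem cs.priv_key  "$1/server.key" || return 1
    save_pem cs.cert      "$1/server.crt" || return 1
    key_matches_cert "$1/server.key" "$1/server.crt"
}

# On the Access Server, from /usr/local/openvpn_as/scripts/ as root
# (the directory name is an example):
#   recover_all /root/as-cert-backup
```

A non-zero return from `recover_all` means a value came back without a PEM block or the recovered key does not belong to the recovered certificate, so the backup should not be relied on until that is resolved.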