Blog :: Security Operations

How to Enable SSL in Scrutinizer


One of the most common cases we get up here in support is helping customers with their SSL certificates (or TLS or HTTPS domain, depending on your verbiage of choice). This is an easy task to perform.

Log in to the appliance through console access or SSH into the device. From there, type:


set ssl on

Follow the prompts.

What is the secure tcp port to be used [443]? 443

What is the two-letter abbreviation for your country? US

What is the state/province of your organization? ME

What is the city of your organization? Kennebunk

What is the name of your organization? Plixer

What is the organizational unit ? Support

What is the contact’s email address? [email protected]

What is the server name or IP of the Scrutinizer server?

What is the key encryption size? (2048, 4096) [2048]? 4096

There! That was an easy topic! See you all next…

What? You have a signed certificate?

…Well, we can easily set that up too.

How to Enable SSL with a Signed Certificate

A signed certificate can be (and usually is) paired with a key. For simplicity’s sake, we will want to rename your cert and key to ca.csr and ca.key for the names of the files we are creating.

After running the -ssl on scrut_util command, find the ca.csr file found in /etc/pki/tls/certs.

Send the server.csr or ca.csr file to the Certificate Authority (CA). Ask them to sign it and return it as Base64 encoded and not DER encoded.

Once you receive the signed SSL cert, stop the Apache service.

service httpd stop

Now replace the active SSL cert with the new one.

To do this, move the current ca.crt to ca.crt.bak to back up the original certificate.

mv ca.crt ca.crt.bak

Then create the ca.crt file and paste in the new cert.

vi ca.crt

Write and quit.


Alternatively, you can SCP the file to Scrutinizer.$ scp foobar.txt [email protected]:/etc/pki/tls/certs

Restart Apache.

service httpd restart

If there is a key, navigate to /etc/pki/tls/private.

mv ca.key ca.key.bak

Then you can either SCP the file to the correct location or create a new file and paste the key in.

Write and quit.


Finally, restart Apache.

service httpd restart


If you happen to get a error message when restarting apache. Contact support or you may check

journalctl -xe

This is the first place I go to troubleshoot. Usually the cert is not encoded in Base64 or the key is not in the proper location. If a problem arises we probably have seen it, so give us a call.

If you find these steps to be difficult or come across bumps on the way, please reach out to support at 207.324.8805 *4. We can get you up and running.

While setting up SSL, you might like this blog from my colleague Joanna on Setting Up LDAP with Scrutinizer.