Introduction

This article describes how to update current SSL certificates on SES server.

Description

The following procedure explains how to upgrade the SSL certificate when this one expires or after FQDN change. This allow to avoid any SSL alert on browser when accessing SES Console web interface.

Procedure

Requirements

Provide the 2 following files:
- x509 PEM encoded Base64 ASCII certificate (including certificate chain if required)
- unencrypted RSA Base64 key ASCII file

 The 2 files should contain the strings "-----BEGIN..." and "-----END...".

SSL certificate & private copy

1. Copy the certificate & private key files into:

/opt/systran/apps-node/enterprise-server/certificates
/opt/systran/apps-node/translation-gateway/certificates

2. If systran user is not the files owner, change it using following command

chown systran:systran /opt/systran/apps-node/enterprise-server/certificates/* && chown systran:systran /opt/systran/apps-node/translation-gateway/certificates/*

SES Console settings changes

1. On SES Console web interface, go to Administration > Settings > HTTPS Settings then change the path for HTTPS certificate & private key fields as shown below:

SES Gateway settings changes

Edit the Gateway config file: /opt/systran/apps-node/translation-gateway/config/default.yaml

translate-api:
  port: 8903
  https:
    port: 8904
    activate: true
    privateKey: certificates/[your certificate].key
    certificate: certificates/[your certificate].crt

Services restart

1. Once the changes are made on SES Console web interface, restart the services on the server

CentOS/RedHat 7

systemctl restart systran-ses-console && systemctl restart systran-ses-gateway && systemctl restart systran-trs-console

CentOS/RedHat 6

service systran-ses-console restart && service systran-ses-gateway restart && service systran-trs-console restart

2. Then relog on SES Console web interface