IBM DataPower Operations Dashboard v1.0.17.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.


The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.

Use the following procedure to replace these certificates.

  1. Make sure you have the following files in .pem format - use exactly the file names listed below:

    1. CA certificate - custom-es-ca-cert.pem

    2. Server certificate - dpod-es-server-cert.pem

    3. Server certificate key - dpod-es-server-key.pem

  2. In a Cell Environment, perform all the steps on the cell manager as well as all the cell members.

  3. Log in to DPOD's server using SSH.

  4. Create a new custom keys directory:

    mkdir -p /app/keys/store/custom

  5. Copy the .pem files to this directory. It should then contain:

    ls /app/keys/store/custom
    custom-es-ca-cert.pem dpod-es-server-cert.pem dpod-es-server-key.pem

  6. Create the CA certificate bundle:

    cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem

  7. Deploy the files to the Store server nodes:

    ls -d1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/dpod-es-*.pem ddd

  8. Configure the Store server nodes with the new DN:

    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "s#plugins.security.nodes_dn:.*#plugins.security.nodes_dn: ['$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/^subject= *//')']#" fff

  9. Stop and start all the application services using app-util.sh.
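
A pre-flight check that can be run after step 6 and before the files are deployed in step 7, added here as an example (it is not part of the product's procedure): it confirms that the server certificate verifies against the custom CA, that the private key matches the certificate, and prints the DN that step 8 writes. The function names, return codes and the 30-day expiry window are assumptions; the file names and directory are the ones used in the steps above.

```sh
#!/bin/sh
# Added example: pre-flight checks for the three custom Store .pem files.
# Return codes and the 30-day expiry window are assumptions of this sketch.

# OpenSSL 1.0.x prints "subject= CN=...", 1.1.0+ prints "subject=CN=...",
# so the space after "=" has to be optional when stripping the prefix.
strip_subject() { sed 's/^subject= *//'; }

subject_dn() {  # $1 = certificate file
    openssl x509 -subject -nameopt RFC2253 -noout -in "$1" | strip_subject
}

pubkey_hash() {  # $1 = x509|pkey, $2 = file; digest of the public key
    case "$1" in
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        pkey) openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null | openssl sha256
}

check_store_certs() {  # $1 = directory holding the files
    ca=$1/custom-es-ca-cert.pem
    cert=$1/dpod-es-server-cert.pem
    key=$1/dpod-es-server-key.pem
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # The server certificate must chain to the custom CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "server certificate does not verify against $ca" >&2; return 2; }
    # The private key must belong to the server certificate.
    [ "$(pubkey_hash x509 "$cert")" = "$(pubkey_hash pkey "$key")" ] ||
        { echo "private key does not match the server certificate" >&2; return 3; }
    # Reject a certificate that expires within the next 30 days.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "server certificate expires within 30 days" >&2; return 4; }
    # This is the value step 8 writes into plugins.security.nodes_dn.
    echo "OK nodes_dn: $(subject_dn "$cert")"
}

# Run against a directory given on the command line, e.g. /app/keys/store/custom.
if [ -d "${1:-}" ]; then check_store_certs "$1"; fi
```

A non-zero return code means the files should not be deployed; in a Cell Environment, run the check on the cell manager and on every cell member.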
