IBM DataPower Operations Dashboard v1.0.16.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Replacing Certificates of the Store

The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.

Use the following procedure to replace these certificates.

  1. Make sure you have the following files in .pem format - use exactly the file names listed below:

    1. CA certificate - custom-es-ca-cert.pem - if there are several CA certificates (root CA and intermediate CAs) - the pem file should contain all certificates concatenated (one after the other).

    2. New Store certificate - dpod-es-server-cert.pem

    3. New Store certificate key - dpod-es-server-key.pem

  2. Stop all the application services using app-util.sh (In a Cell Environment, stop the cell manager as well as all the cell members).

  3. Configure DPOD (In a Cell Environment, configure the cell manager as well as all the cell members):

    1. Log in to DPOD's server using SSH.

    2. Create a new custom keys directory:

      mkdir -p /app/keys/store/custom
    3. Copy the pem files to this directory. i.e.:

      ls /app/keys/store/custom custom-es-ca-cert.pem dpod-es-server-cert.pem dpod-es-server-key.pem
    4. Create the CA certificate bundle:

      cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem
    5. Deploy the files to the Store server nodes:

    6. Configure the Store server nodes with the new DN:

  4. Start all the application services using app-util.sh (In a Cell Environment, start the cell manager and all the cell members).

 

IBM DataPower Operations Dashboard (DPOD) v1.0.16.0