IBM DataPower Operations Dashboard v1.0.16.0
A newer version of this product documentation is available.
You are viewing an older version. View latest at IBM DPOD Documentation.
Replacing Certificates of the Store
The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.
Use the following procedure to replace these certificates.
Make sure you have the following files in
.pem
format - use exactly the file names listed below:CA certificate -
custom-es-ca-cert.pem
- if there are several CA certificates (root CA and intermediate CAs) - thepem
file should contain all certificates concatenated (one after the other).New Store certificate -
dpod-es-server-cert.pem
New Store certificate key -
dpod-es-server-key.pem
Stop all the application services using
app-util.sh
(In a Cell Environment, stop the cell manager as well as all the cell members).Configure DPOD (In a Cell Environment, configure the cell manager as well as all the cell members):
Log in to DPOD's server using SSH.
Create a new custom keys directory:
mkdir -p /app/keys/store/custom
Copy the
pem
files to this directory. i.e.:ls /app/keys/store/custom custom-es-ca-cert.pem dpod-es-server-cert.pem dpod-es-server-key.pem
Create the CA certificate bundle:
cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem
Deploy the files to the Store server nodes:
Configure the Store server nodes with the new DN:
Start all the application services using
app-util.sh
(In a Cell Environment, start the cell manager and all the cell members).
Â