The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.
Use the following procedure to replace these certificates.
Make sure you have the new certificate and key files in .pem format. In a Cell Environment, perform all the steps on the cell manager as well as on all the cell members.
Log in to DPOD's server using SSH.
Create a new custom keys directory:

```bash
mkdir -p /app/keys/store/custom
```

Copy the key and certificate files to this directory, e.g.:

```bash
ls /app/keys/store/custom
custom-es-ca-cert.pem  dpod-es-server-cert.pem  dpod-es-server-key.pem
```
Create the certificate chain:

```bash
cat /app/keys/store/dpod-es-ca-cert.pem /app/keys/store/custom/custom-es-ca-cert.pem > /app/keys/store/custom/dpod-es-ca-cert.pem
```
Deploy the files to the Store server nodes:

```bash
# version 1.0.15.0 and above
ls -d1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/dpod-es-*.pem ddd

# version 1.0.14.0
ls -d1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/dpod-es-*.pem ddd
```
Configure the Store server to accept the subject DN of the new certificate (the `nodes_dn` list):

```bash
# version 1.0.15.0 and above
ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "/plugins.security.nodes_dn:.*/d" fff
ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "/ - 'CN=.*/d" fff
ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sh -c "echo \"plugins.security.nodes_dn:\" >> fff"
ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sh -c "echo \" - '$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/subject= //')'\" >> fff"

# version 1.0.14.0
ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "/opendistro_security.nodes_dn:.*/d" fff
ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "/ - 'CN=.*/d" fff
ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sh -c "echo \"opendistro_security.nodes_dn:\" >> fff"
ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sh -c "echo \" - '$(openssl x509 -subject -nameopt RFC2253 -noout -in /app/keys/store/custom/dpod-es-server-cert.pem | sed 's/subject= //')'\" >> fff"
```
Stop and start all the application services using app-util.sh.

Cell Environment users should stop and start the Syslog and WS-M agents on all cell members from app-util.sh:

app-util.sh → Stop Service → syslog → stop up to this service
app-util.sh → Start Service → wsm → start up to this service
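Before the files are copied to the nodes, it is worth verifying that the custom key actually belongs to the custom certificate, that the certificate validates against the chain file, and what `nodes_dn` entry will be written. The script below is an added example, not part of the DPOD tooling; it builds a throwaway CA and server certificate with openssl (constructed demo input) instead of touching `/app/keys/store/custom`. One caveat it handles: OpenSSL 1.1 and later print `subject=CN=...` with no space, so the page's `sed 's/subject= //'` leaves `subject=` in the DN on those versions; the helper strips both forms.

```shell
#!/bin/sh
# Added example (not DPOD's own code): pre-flight checks for custom Store
# certificates. File paths passed to the functions are assumptions.
set -eu

# Subject in RFC 2253 form, without the "subject=" prefix on any OpenSSL
# version (1.0.x prints "subject= CN=...", 1.1+ prints "subject=CN=...").
cert_subject_dn() {
  openssl x509 -subject -nameopt RFC2253 -noout -in "$1" | sed 's/^subject= *//'
}

# The exact YAML list entry the procedure appends under nodes_dn.
nodes_dn_entry() {
  printf " - '%s'\n" "$(cert_subject_dn "$1")"
}

# 0 when the private key ($2) belongs to the certificate ($1): compares
# the SubjectPublicKeyInfo derived from each side.
key_matches_cert() {
  cert_pub=$(openssl x509 -noout -pubkey -in "$1")
  key_pub=$(openssl pkey -pubout -in "$2")
  [ "$cert_pub" = "$key_pub" ]
}

# 0 when the server certificate ($2) validates against the CA chain
# file ($1), which is the check the Store nodes perform on each other.
cert_chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed demo PKI in a temp dir (stands in for the custom CA cert,
# server cert and key of the procedure). Prints the directory.
make_demo_pki() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dpod-es-node/O=DPOD" \
    -keyout "$d/server-key.pem" -out "$d/server.csr" >/dev/null 2>&1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca-cert.pem" \
    -CAkey "$d/ca-key.pem" -CAcreateserial -days 1 \
    -out "$d/server-cert.pem" >/dev/null 2>&1
  echo "$d"
}
```

Run the three checks against the real files in `/app/keys/store/custom` (chain file, server cert, server key) and only proceed to the copy step when all of them succeed.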