IBM DataPower Operations Dashboard v1.0.19.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The system encrypts the communication between the Store nodes with self-signed certificates generated during the installation.

Use the following procedure to replace these certificates.

  1. Make sure you have the new certificate and key files provided in .pem format.

  2. In a Cell Environment, perform all the steps on the cell manager as well as all the cell members.

  3. Log in to DPOD's server using SSH.

  4. Create new custom keys directory 

    mkdir -p /app/keys/store/custom

  5. Copy the key and certificate files to this directory. i.e.:

    ls /app/keys/store/custom
my-cert.pem  my-key.pem

  6. Deploy key and certificate pem files to all Store nodes:

    ls -d1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/* ddd
In version 1.0.14.0:
ls -d1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/certs | xargs -I ddd cp -f /app/keys/store/custom/* ddd

  7. Update file names in Store nodes configuration files (replace <certificate file name> and <key file name> in the command below):

    ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "s|plugins.security.ssl.http.pemcert_filepath:.*|plugins.security.ssl.http.pemcert_filepath: certs/<certificate file name>|" fff
ls -1 /app/opensearch_nodes/config/MonTier-es-raw-trans-*/opensearch.yml | xargs -I fff sed -i "s|plugins.security.ssl.http.pemkey_filepath:.*|plugins.security.ssl.http.pemkey_filepath: certs/<key file name>|" fff
In version 1.0.14.0:
ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "s|opendistro_security.ssl.http.pemcert_filepath.*|opendistro_security.ssl.http.pemcert_filepath: certs/<certificate file name>|" fff
ls -1 /app/elasticsearch_nodes/config/MonTier-es-raw-trans-*/elasticsearch.yml | xargs -I fff sed -i "s|opendistro_security.ssl.http.pemkey_filepath.*|opendistro_security.ssl.http.pemkey_filepath: certs/<key file name>|" fff

  8. Stop and start all the application services using app-util.sh

  9. Cell Environment users should stop and start Syslog and WS-M agents in all cell members from app-util.sh:

    1. app-utils.sh → Stop Service → syslog → stop only this service

    2. app-utils.sh → Stop Service → wsm → stop only this service

    3. app-utils.sh → Start Service → syslog → start only this service

    4. app-utils.sh → Start Service → wsm → start only this service

  • No labels

Copyright © 2015 MonTier Software (2015) Ltd.