User Tools
databaseandnetworkmanagement:ssl_configuration
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| databaseandnetworkmanagement:ssl_configuration [2022/04/13 13:53] – 10.91.120.28 | databaseandnetworkmanagement:ssl_configuration [2022/06/14 10:56] (current) – 10.91.110.100 | ||
|---|---|---|---|
| Line 41: | Line 41: | ||
| - **Server Private key** - The private key is generated simultaneously with the CSR (certificate signing request), containing the domain name, public key and additional contact information. The CSR is to be sent to the certificate authority for validation and signing immediately after the certificate activation typically. The private key must be kept secret, ideally on the same server the certificate will be installed on. (This is generated on the server) | - **Server Private key** - The private key is generated simultaneously with the CSR (certificate signing request), containing the domain name, public key and additional contact information. The CSR is to be sent to the certificate authority for validation and signing immediately after the certificate activation typically. The private key must be kept secret, ideally on the same server the certificate will be installed on. (This is generated on the server) | ||
| - | ===== Loading the cert into Java ===== | + | ===== Update SSL Certs ===== |
| - | **There is now a playbook | + | Pull the master branch of the [[https:// |
| + | |||
| + | * Load the cert into Java | ||
| + | * Load the cert into Apache | ||
| + | * Restart Apache | ||
| + | |||
| + | < | ||
| + | |||
| + | There is no need to shut down all applications anymore. | ||
| + | |||
| + | For AWS based environments, | ||
| + | |||
| + | * Sign into AWS console | ||
| + | * Navigate to Home Page | ||
| + | * Load Balancers -> Listeners -> View/Edit certificates ACM | ||
| + | * https:// | ||
| + | * Selecting certiciate relevant to environment -> Actions -> Reimport Certificate | ||
| + | * Paste in the contents of the three certificate files from env-configuration (already PEM encoded) into the corresponding fields. | ||
| + | * Certificate private key | ||
| + | * Certificate body | ||
| + | * Certificate chain | ||
| + | |||
| + | |||
| + | ===== Loading the cert into Java (Handled by Playbook) ===== | ||
| In order for the applications to obtain the certificate it must be loaded into javas list of certs via keytool. The bundle and sub cert files should both be loaded at this point. This step needs to be done on each server that is running any applications using java. The cert files should be transferred to all application servers. | In order for the applications to obtain the certificate it must be loaded into javas list of certs via keytool. The bundle and sub cert files should both be loaded at this point. This step needs to be done on each server that is running any applications using java. The cert files should be transferred to all application servers. | ||
| Line 78: | Line 101: | ||
| - | ===== Load the cert into Apache (load balancer) ===== | + | ===== Load the cert into Apache (Handled by Playbook) ===== |
| **Transfer the cert files(bundle file, cert and server key) to the load balancer into the following directory: | **Transfer the cert files(bundle file, cert and server key) to the load balancer into the following directory: | ||
| Line 104: | Line 127: | ||
| - | ===== Restart Applications and Apache ===== | + | ===== Restart Applications and Apache |
| **Applications do not need a restart anymore when using the reconfigure_ssl playbook, only the httpd service needs a restart** | **Applications do not need a restart anymore when using the reconfigure_ssl playbook, only the httpd service needs a restart** | ||
| - Shutdown all applications | - Shutdown all applications | ||
databaseandnetworkmanagement/ssl_configuration.1649854416.txt.gz · Last modified: 2022/04/13 13:53 by 10.91.120.28
Page Tools
