
 

 

DEPLOY CUSTOM SSL CERTIFICATE FOR CMS


 

VSP provides default SSL certificates for communication among various components. During CMS deployment, you can use custom SSL certificates instead of the VSP-provided defaults. Follow the steps below:

 

  1. Identify the CMS Client Container ID using the below command:

    1. Containers:

      docker ps | grep client-service

       

       


    2. VMs:

      docker ps | grep cms-client

       

       


    3. Make a note of the container ID for further steps 

  2. Enable Shared Volume Mounts for Client Service

    1. Copy the custom certificates, key files and rootCA to the volume mount directory on the Master Node

      1. For Kubernetes, copy on Master node directory: /home/virsec/customer-certs

      2. For VMs, copy on CMS VM directory: /var/lib/customer-certs

  3. Create the properties file vsp-cms-certs.properties in the root directory of the associated mount folder with the below content format:

     

    ssl_certificate_file_path=<PATH_TO_SSL_CERTIFICATE_FILE_AND_NAME>

    ssl_certificate_key_file_path=<PATH_TO_SSL_CERTIFICATE_KEY_FILE_AND_NAME>

    ssl_client_certificate_file_path=<PATH_TO_SSL_CLIENT_CERTIFICATE_FILE_AND_NAME>

    http_proxy_rootCA=<CERTIFICATE_FILENAME>

    http_ldaps_rootCA=<LDAPS_CERTIFICATE_FILENAME>

     

    NOTE:

    The property ssl_certificate_file_path is optional, but when it is used, ensure that the two properties ssl_certificate_file_path and ssl_certificate_key_file_path are used together.

    The property http_proxy_rootCA is optional. Use it when a proxy server is used for outbound calls in the respective service.

     

  4. After creating the properties file, copy the files named in it to the mount folder

  5. For Containers, execute the below command to apply the custom certificates

    1. kubectl -n virsec create configmap cms-certs --from-file=./customer-certs/ --dry-run=client -o yaml | kubectl -n virsec apply -f -

       

  6. Restart the CMS container using the below command:

    1. docker restart <container_id>

       

       

    2. During restart, the CMS UI may be affected momentarily without any effect on other VSP features

  7. Verification

    1. After the container restart, open the CMS UI in a browser and log in with valid credentials

    2. Verify the certificate in use


     

    NOTE:

    Since the changes are made to a running container, if that container instance is restarted, the above configurations must be performed again

     

  8. (If required) For containers, execute the command below to delete the applied custom certificates:

    1. kubectl -n virsec create configmap cms-certs
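
A pre-flight check for steps 2 to 4, meant to be run on the mount directory before the configmap and restart steps. It is an added example, not part of the VSP documentation or tooling; the function names, and the assumption that each file named in the properties file sits directly in the mount directory and is looked up by base name, belong to this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the mount directory before applying the
# configmap or restarting the CMS container. Assumption (not from the page):
# each file named in vsp-cms-certs.properties is looked up by base name
# directly inside the mount directory.

# prop FILE KEY: print the value of KEY, or nothing if the key is absent
prop() { sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'; }

# check_cms_certs DIR: return 0 if the properties file is consistent
check_cms_certs() {
    dir=$1; props="$dir/vsp-cms-certs.properties"; rc=0
    [ -f "$props" ] || { echo "missing $props" >&2; return 1; }
    cert=$(prop "$props" ssl_certificate_file_path)
    key=$(prop "$props" ssl_certificate_key_file_path)
    # NOTE on the page: the certificate and key properties go together
    if { [ -n "$cert" ] && [ -z "$key" ]; } || { [ -z "$cert" ] && [ -n "$key" ]; }; then
        echo "certificate and key properties must be set together" >&2; rc=1
    fi
    for k in ssl_certificate_file_path ssl_certificate_key_file_path \
             ssl_client_certificate_file_path http_proxy_rootCA http_ldaps_rootCA; do
        v=$(prop "$props" "$k")
        [ -n "$v" ] || continue
        # A value copied from the template without being filled in
        case $v in *'<'*) echo "$k still holds a placeholder" >&2; rc=1; continue;; esac
        f="$dir/$(basename "$v")"
        [ -f "$f" ] || { echo "$k: $f not found" >&2; rc=1; }
    done
    # Warn only: a world-readable private key is exposed to every local user
    if [ -n "$key" ] && [ -n "$(find "$dir/$(basename "$key")" -prune -perm -004 2>/dev/null)" ]; then
        echo "warning: private key is world-readable" >&2
    fi
    return $rc
}

# cert_matches_key CERT KEY: return 0 if both files carry the same public key
cert_matches_key() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 2; }
    a=$(openssl x509 -noout -pubkey -in "$1") || return 1
    b=$(openssl pkey -pubout -in "$2") || return 1
    [ "$a" = "$b" ]
}
```

Source the file, then run `check_cms_certs /home/virsec/customer-certs` (Kubernetes) or `check_cms_certs /var/lib/customer-certs` (VMs), followed by `cert_matches_key` on the server certificate and key.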

       

       

 
