DEPLOY CUSTOM SSL CERTIFICATE FOR CMS
VSP provides default SSL certificates that are used for communication among its components. During CMS deployment, custom SSL certificates can be used instead of the VSP-provided defaults. Follow the steps below:
- Identify the CMS Client Container ID and Dashboard Settings MFE Client Container ID using the commands below:
  - Containers: Make a note of the container IDs for further steps
      docker ps | grep cms-client
  - VMs: Make a note of the container IDs for further steps
      docker ps | grep client
      docker ps | grep dashboard-settings
- Enable Shared Volume Mounts for Client Service
  - Copy the custom certificates, key files and rootCA to the volume mount directory on the Master Node
    - For Kubernetes, copy to the Master node directory: /home/virsec/customer-certs
    - For VMs, copy to the CMS VM directory: /var/lib/customer-certs
- Create the properties file vsp-cms-certs.properties in the root directory of the associated mount folder with the content format below:
    ssl_certificate_file_path=<PATH_TO_SSL_CERTIFICATE_FILE_AND_NAME>
    ssl_certificate_key_file_path=<PATH_TO_SSL_CERTIFICATE_KEY_FILE_AND_NAME>
    ssl_client_certificate_file_path=<PATH_TO_SSL_CLIENT_CERTIFICATE_FILE_AND_NAME>
    http_proxy_rootCA=<CERTIFICATE_FILENAME>
    http_ldaps_rootCA=<LDAPS_CERTIFICATE_FILENAME>
  NOTE:
  - The property ssl_certificate_file_path is optional. When it is used, ensure that the two properties ssl_certificate_file_path and ssl_certificate_key_file_path are used together
  - The property http_proxy_rootCA is optional. Use it when a proxy server is applied for outbound calls in the respective service
- After creating the properties file, copy the files to the mount folder as specified in the properties file
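
A pre-flight check that can be run after the files are copied and before the containers are restarted (added example, not part of the VSP product or its documentation). It enforces the pairing rule from the NOTE above, flags template placeholders left in place, and confirms that every referenced file exists; the function and script names are hypothetical, and it assumes property values are paths relative to the mount directory.

```shell
#!/bin/sh
# Added example: pre-flight check for vsp-cms-certs.properties.
# Assumption: property values are file paths relative to the mount directory.

# prop_get FILE KEY: print the value of KEY (last occurrence), trimmed.
prop_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_cms_certs MOUNT_DIR: return 0 if the properties file is consistent.
check_cms_certs() {
    dir=$1
    props="$dir/vsp-cms-certs.properties"
    rc=0
    if [ ! -f "$props" ]; then
        echo "missing: $props" >&2
        return 1
    fi

    # Page NOTE: the certificate and key properties must be used together.
    cert=$(prop_get "$props" ssl_certificate_file_path)
    key=$(prop_get "$props" ssl_certificate_key_file_path)
    if { [ -n "$cert" ] && [ -z "$key" ]; } || { [ -z "$cert" ] && [ -n "$key" ]; }; then
        echo "ssl_certificate_file_path and ssl_certificate_key_file_path must be set together" >&2
        rc=1
    fi

    # Every property that is set must name a file that was actually copied.
    for k in ssl_certificate_file_path ssl_certificate_key_file_path \
             ssl_client_certificate_file_path http_proxy_rootCA http_ldaps_rootCA; do
        v=$(prop_get "$props" "$k")
        case $v in
            "")      continue ;;
            "<"*">") echo "$k: template placeholder not replaced" >&2; rc=1 ;;
            *)       if [ ! -f "$dir/$v" ]; then
                         echo "$k: $dir/$v not found" >&2; rc=1
                     fi ;;
        esac
    done
    return "$rc"
}

# Usage (hypothetical script name): sh check-cms-certs.sh /home/virsec/customer-certs
if [ "$#" -gt 0 ]; then
    check_cms_certs "$1" || exit 1
fi
```
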
- For Containers, execute the command below to apply the custom certificates:
    kubectl -n virsec create configmap cms-certs --from-file=./customer-certs/ --dry-run=client -o yaml | kubectl -n virsec apply -f -
- Restart the CMS containers (CMS Client and Dashboard Settings MFE Client) using the command below:
    docker restart <container_id>
  - During the restart, the CMS UI may be affected momentarily without any effect on other VSP features
- Verification
  - After the container restart, log in to the CMS UI in a browser using valid credentials
  - Verify the certificate in use
  NOTE:
  Since the changes are made to a running container, if that container instance is restarted, the above configurations must be performed again
- (If required) For containers, execute the commands below to delete the applied custom certificates:
    kubectl delete configmap cms-certs -n virsec
    kubectl -n virsec create configmap cms-certs