To enable SSL in an environment, the Application requires "server.crt" and "server.key" from the load balancer. First, identify whether the Application is using its own embedded load balancer packaged with the Application (NGINX), or some other load balancer such as BIGIP F5, Cisco, etc.
If the Application is configured with an outside load balancer, ask the LB team to provide the trusted CA certificate and secret key of the load balancer, so the Application can communicate with the LB using the provided certificate and key. If the Application is using its own load balancer, the same certificate and key described above are needed from the server where the LB is configured; these are usually provided by the Linux admins.
Please note: The secret key associated with the certificate cannot be passphrase-protected.
If the key is passphrase-protected, the passphrase can be removed using openssl as follows.
openssl rsa -in mycert_with_pass.key -out server.key
Also, make sure the certificate is valid by running the following command. If the command displays the certificate contents, proceed; otherwise stop and make sure the certificate is valid and the command can display its contents.
openssl x509 -in server.crt -text -noout
The output of the above command should look like the screenshot below.
Rename both of the above files to "server.crt" and "server.key", and place them in a directory that is readable, writable and executable by the maintenance user of DQ+.
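A pre-deployment check for the two files, as an added example that is not part of the original article or the product's tooling: it repeats the certificate parse test, rejects a passphrase-protected PEM key, and confirms that the key belongs to the certificate. The function name check_tls_pair, its return codes and the 24-hour expiry window are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity checks for server.crt / server.key before deployment.
# Usage: sh check_tls_pair.sh /path/to/server.crt /path/to/server.key
#
# Return codes (chosen for this example):
#   0 = all checks passed
#   1 = certificate cannot be parsed
#   2 = private key is passphrase-protected or unreadable
#   3 = private key does not belong to the certificate
#   4 = certificate is expired or expires within 24 hours
check_tls_pair() {
    cert=$1
    key=$2

    # Parse the certificate and extract its public key in one step.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $cert" >&2; return 1; }

    # Encrypted PEM keys carry "ENCRYPTED" in the header
    # (traditional "Proc-Type: 4,ENCRYPTED" or PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY").
    if grep -q 'ENCRYPTED' "$key" 2>/dev/null; then
        echo "private key is passphrase-protected: $key" >&2
        return 2
    fi
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }

    # The key matches the certificate only if both yield the same public key.
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not match certificate" >&2; return 3; }

    # -checkend N fails when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "certificate is expired or expires within 24 hours" >&2; return 4; }

    # The key is stored unencrypted, so warn if group or others can read it.
    [ -z "$(find "$key" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ] ||
        echo "warning: $key is readable by group or others" >&2
    return 0
}

# Run the check when the script is called with two arguments.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```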
The steps below will enable SSL within DQ+:
- Open install.properties, located under /opt/infogix/sagacity-3.0/properties, using the vi editor.
- Jump to Loadbalancer Properties, and set "IS_SSL_ENABLED=true", "LOAD_BAL_SSL_CERT={location of the server.crt file}" and "LOAD_BAL_SSL_CERT_KEY={location of server.key}", as shown in the image below.
- Right below the load balancer properties from Step 2, change DEPLOY_PORT and DEPLOY_HOST_URL under Application Access Point Properties. Change the port to 443 and, in the host URL, change HTTP to HTTPS.
- After the above changes, change directory to /opt/infogix/sagacity-3.0/bin and execute the "./deploy" script. The deployment process will load the certificate across the Application, and the URL of the Application will change from "http://{URL_to_Access_Application}" to "https://{URL_to_Access_Application}".
- To verify that the Application is reading/requiring the correct certificate, enter the above URL either in a browser or on the command line.