AIOps

 View Only
  • 1.  Replace self signed certificates after the installation

    Posted Mon September 27, 2021 12:15 PM
    In the documentation, it describes how to use a custom certificate during installation (Creating a custom certificate for the console). However, I could not find any information on how to replace the self signed certificate by a custom certificate AFTER the installation. In my case, I installed the system using the self signed certificate, and now I cannot integrate ChatOps using Teams, as it is mandatory to have a valid public certificate otherwise the integration will not work (this is also not documented by de way).

    Any ideas how to do this? 

    Thanks

    Danilo

    ------------------------------
    Danilo Luna
    ------------------------------


  • 2.  RE: Replace self signed certificates after the installation

    IBM TechXchange Speaker
    Posted Mon September 27, 2021 10:33 PM
    @Stacy Pedersen Tagging you since this talks about Documentation.​

    ------------------------------
    Veeramani Nambi
    Offering Manager, GoToMarket - Communities
    ------------------------------



  • 3.  RE: Replace self signed certificates after the installation

    IBM TechXchange Speaker
    Posted Tue September 28, 2021 12:53 PM
    Edited by Angus Jamieson Tue September 28, 2021 01:01 PM

    Hi Danilo,

    I am glad you have resolved the issue and that my email helped somewhat - Just to capture things here, and thank you for your email and insights.

    I [Danilo] followed Steps 1-3 at https://www.ibm.com/docs/en/cloud-paks/cp-waiops/3.1.1?topic=advanced-creating-custom-certificate-console before I asked the question. It did not work. However, I believe the issue was because I still had to restart the ngix service as mentioned on your email. Unfortunately, I stopped my cluster yesterday and when I started it today, the certificate was working, so I cannot guarantee that it was only that step missing. So, I would say, to change the certificate, one must:

     

    Follow Steps 1-3 as stated above

    Then:

    REPLICAS=$(oc get pods -l component=ibm-nginx -o jsonpath='{ .items[*].metadata.name }' | wc -w)
    oc scale Deployment/ibm-nginx --replicas=0
    # scale up nginx

    sleep 3
    oc scale Deployment/ibm-nginx --replicas=${REPLICAS}

     

    Also, please add two things in the documentation: @Stacy Pedersen

     

    The official instructions on how to change the certificate. This would certainly be needed when a certificate expires

    Mention in the integration with Teams that a valid certificate is needed for the integration to work, and then point to the instructions on how to do it.



    ------------------------------
    Angus Jamieson
    IT Service Management Solutions Architect
    IBM
    Edinburgh
    ------------------------------



  • 4.  RE: Replace self signed certificates after the installation

    Posted Tue September 28, 2021 01:36 PM
    Hi Danilo and Angus, I've opened up a Dev Git issue to have the documentation updated. Thank you for bringing this to my attention. 

    Stacy Pedersen

    ------------------------------
    Stacy Pedersen
    ------------------------------



  • 5.  RE: Replace self signed certificates after the installation

    IBM TechXchange Speaker
    Posted Tue September 28, 2021 02:07 PM
    Thanks Stacy !

    ------------------------------
    Veeramani Nambi
    Offering Manager, GoToMarket - Communities
    ------------------------------



  • 6.  RE: Replace self signed certificates after the installation

    Posted Mon October 04, 2021 10:29 AM
    1. On the XTAM installation host server open the file {XTAM_HOME}/web/conf/Catalina. ...
    2. Scroll down to the section labeled # SSL Certificate.
    3. Enter the path to your certificate for the parameter item. cert.path=
    4. Enter the password for your certificate in the parameter item. cert.password= ...
    5. Save and close this file.
    Select the certificate that you want to renew, and then click Renew in the details pane. On the Renew Exchange certificate page that opens, verify the read-only list of Exchange services that the existing certificate is assigned to, ps3 sims 3 cheats here and then click OK.

    ------------------------------
    james asc
    ------------------------------