Hi All,
I did the following steps for the Portal component and was able to
overwrite the self-signed certificate with a new one.
Regards
Vivek
# Here is what we did to update the portal self-signed SSL certificate
*# use the old SSL keystore file from oom repository this is presented as secret*
*# and mounted within the container under /opt/apache-tomcat-8.0.37/keystoreONAPPortal.p12*
# oom/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
*# Extract the private key and certificates into a text file*
*# Used the keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"*
openssl pkcs12 -in keystoreONAPPortal.p12 -out portal-certificates.txt
*# Extracted the portal private key from portal-certificates.txt*
*# Created the following files*
portal-private.pem
portal-certficate.cer
*# Generated the CSR from the above two files*
openssl x509 -x509toreq -in portal-certficate.cer -out portal.csr -signkey portal-private.pem
*# Regenerated the self signed certificate with the above CSR*
*# Next 5 years*
openssl x509 -signkey portal-private.pem -in portal.csr -req -days 1825 -out portal-new-certficate.cer
*# Regenerated portal-certificates-new.txt file*
*# And regenerated the keystoreONAPPortal.p12*
openssl pkcs12 -export -in portal-certificates-new.txt -out keystoreONAPPortal-new.p12
*# Redeployed portal component*
helm undeploy dev-portal --purge
sudo rm -rf /dockerdata-nfs/dev-portal
*# Redeployed portal again*
helm upgrade --install dev-portal local/portal --namespace onap --timeout 900 -f ~/global-overrides.yaml
*# Verify if the portal has the new certificate validity*
*# Replaced the following file and redeployed portal*
cp keystoreONAPPortal-new.p12 ~/oom/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
*# Verify the Certificate detail using openssl command*
export SERVER_IP=192.168.122.238
export SERVER_PORT=30225
echo | openssl s_client -showcerts \
-servername gnupg.org \
-connect ${SERVER_IP}:${SERVER_PORT} 2>/dev/null \
| openssl x509 -inform pem -noout -text
# Now the validity of the portal self-signed SSL certificate got the new one
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
20:09:74:e2:84:6c:d1:37:e0:af:dc:99:c4:39:0b:d8:9a:d9:be:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = portal, emailAddress = , OU = [email protected],
OU = OSAAF, O = ONAP, C = US
Validity
* Not Before: May 18 12:10:39 2020 GMT*
* Not After : May 17 12:10:39 2025 GMT*
Subject: CN = portal, emailAddress = , OU = [email protected],
OU = OSAAF, O = ONAP, C = US
Subject Public Key Info:
On Tue, May 12, 2020 at 10:31 PM Vivekanandan Muthukrishnan via
lists.onap.org <[email protected]> wrote:
> Hi Portal team,
>
> We would like to generate and update the portal SSL certificates. Could
> you please point to any Wiki page references.
>
> I see that ONAP portal-app is using
> /opt/apache-tomcat-8.0.37/truststoreONAPall.jks for both keystore and
> truststore. I am not quite sure, what is the alias and CSR being used.
>
> Any help would be appreciated.
>
> Regards
> Vivek
>
>
>
>
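Added example, not part of the original message and not ONAP/OOM code: the renewal steps above (extract key and certificate from the PKCS#12 keystore, build a CSR from the old certificate, self-sign for a new period, repack) as one script, with checks on the result. Function names, file names and the demo password are constructed, and the script runs against a throwaway keystore it generates itself.

```bash
#!/usr/bin/env bash
# Added example. All names and the password "demo-pass" are constructed.
set -euo pipefail

# renew_p12 IN.p12 PASSWORD DAYS OUT.p12
# Re-issue the self-signed certificate in IN.p12 with the SAME private key.
renew_p12() (
  umask 077                                    # key material stays owner-only
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT  # unencrypted key never outlives the call
  # Split the keystore into private key and leaf certificate.
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$tmp/key.pem"
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$tmp/old.cer"
  # A CSR built from the old certificate keeps its subject.
  openssl x509 -x509toreq -in "$tmp/old.cer" -signkey "$tmp/key.pem" -out "$tmp/req.csr"
  # Self-sign the CSR for DAYS days, then repack key + new certificate.
  openssl x509 -req -in "$tmp/req.csr" -signkey "$tmp/key.pem" -days "$3" -out "$tmp/new.cer"
  openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/new.cer" -passout "pass:$2" -out "$4"
)

# leaf_cert P12 PASSWORD: print the keystore's certificate as PEM
leaf_cert() { openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null; }

# pubkey_sha256 P12 PASSWORD: SHA-256 over the certificate's public key (PEM form)
pubkey_sha256() {
  leaf_cert "$1" "$2" | openssl x509 -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# valid_after P12 PASSWORD SECONDS: succeeds if the cert is still valid SECONDS from now
valid_after() { leaf_cert "$1" "$2" | openssl x509 -noout -checkend "$3" >/dev/null; }

# make_demo_p12 DIR: constructed throwaway keystore holding a 1-day certificate
make_demo_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=portal-demo" \
    -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
    -passout pass:demo-pass -out "$1/old.p12"
}

# Demo on constructed data: a 1-day certificate renewed for 5 years.
d=$(mktemp -d); make_demo_p12 "$d"
renew_p12 "$d/old.p12" demo-pass 1825 "$d/new.p12"
echo "old key: $(pubkey_sha256 "$d/old.p12" demo-pass)"
echo "new key: $(pubkey_sha256 "$d/new.p12" demo-pass)  (identical: key not rotated)"
leaf_cert "$d/new.p12" demo-pass | openssl x509 -noout -dates
rm -rf "$d"
```

Because the private key is carried over, this only extends validity: anyone holding the old keystore and its password also holds the renewed certificate's private key.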