Updating security certificates
To ensure secure communication between Wired and other systems, periodically update the SSL certificates that are used for this communication.
The following communication takes place between the Wired portal and other systems:
- SAML communication between Wired portal and its identity provider.
- Communication between Wired portal and the external services that include public cloud services, such as AWS and Azure, and Cloud Pak services, such as the Zen authentication service.
- HTTPS communication between Wired portal and its user.
Updating security certificates for SAML communication
On the Red Hat® OpenShift® Container Platform cluster where the Wired portal is installed, complete the following steps:
- Delete the secret that is used to store the SAML authentication credentials by running this command:
oc delete secret cp4na-o-wired-configs
- Configure SAML authentication for your identity provider. You can also configure SAML signature and encryption between the Wired portal and your identity provider. For more information, see Configuring SAML authentication.
Updating security certificates for external services
On the Red Hat OpenShift Container Platform cluster where the Wired portal is installed, complete the following steps:
- Gather the security certificates for the external services that the Wired portal communicates with, and store them in a file system directory. For more information, see Gathering security certificates for external services.
- Delete the secret that is used for adding the certificates to the truststore by running this command:
oc delete secret cp4na-o-wired-trustedcerts
- Go to the file system directory, and add the certificates to the portal's truststore by running this command:
oc create secret generic cp4na-o-wired-trustedcerts --from-file=.
Updating security certificates for HTTPS communication
Note: When you install the Wired portal, make sure that the mcnpGeneratedSslCert attribute is set to false, so that the SSL certificate for the HTTPS connection can be updated.
On the Red Hat OpenShift Container Platform cluster where the Wired portal is installed, complete the following steps:
- Generate the certificate and private key by using a tool such as OpenSSL. The following command shows an example for openssl:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout tls.key -out tls.crt
- Save the certificate as tls.crt and private key as tls.key to a file system directory.
- Delete the secret that is used for adding the certificate and private key to the keystore by running this command:
oc delete secret cp4na-o-mcnp-cert
- Go to the file system directory, and add the certificate and private key to the keystore by running this command:
oc create secret generic cp4na-o-mcnp-cert --from-file=.
- Restart the mcnp pod by running this command:
oc delete pod -n <cp4na_namespace> <mcnp_pod_name>
<mcnp_pod_name> is the name of the mcnp pod. The pod restarts automatically.
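The following pre-flight check is an added example and is not part of this documentation or the product: before the cp4na-o-mcnp-cert secret is recreated, it confirms that tls.crt parses, that tls.key is the matching private key, and that the certificate will not expire within a chosen number of days. The demo directory and the CN "wired-portal.example" are constructed values; the only addition to the documented openssl command is -subj, so that it runs non-interactively.

```shell
#!/bin/sh
# Added pre-flight check (not from the product documentation): validate the files in a
# directory before they replace the cp4na-o-mcnp-cert keystore secret.
set -eu

# check_tls_pair DIR [MIN_DAYS]
# Returns 0 when DIR/tls.crt parses as an X.509 certificate, DIR/tls.key is the
# matching private key, and the certificate stays valid for at least MIN_DAYS
# (default 30) more days. Prints the reason and returns 1 otherwise.
check_tls_pair() {
  dir=$1
  min_days=${2:-30}
  crt="$dir/tls.crt"
  key="$dir/tls.key"

  [ -f "$crt" ] && [ -f "$key" ] || { echo "missing tls.crt or tls.key in $dir" >&2; return 1; }

  # 1. tls.crt must be a parseable PEM certificate.
  openssl x509 -in "$crt" -noout 2>/dev/null \
    || { echo "tls.crt is not a valid PEM certificate" >&2; return 1; }

  # 2. The public key in the certificate must equal the public half of tls.key;
  #    a mismatch is a common cause of a pod that restarts but fails the TLS handshake.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
    || { echo "tls.key is not a readable private key" >&2; return 1; }
  [ "$crt_pub" = "$key_pub" ] || { echo "tls.key does not match tls.crt" >&2; return 1; }

  # 3. -checkend exits 1 when the certificate expires within the given number of seconds.
  openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null \
    || { echo "certificate expires within $min_days days; renew it first" >&2; return 1; }
}

# Demo: generate a throwaway pair with the documented openssl command (-subj added so
# the command runs non-interactively; the CN is a constructed value).
demo_dir=$(mktemp -d)
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \
  -keyout "$demo_dir/tls.key" -out "$demo_dir/tls.crt" \
  -subj "/CN=wired-portal.example" 2>/dev/null
if check_tls_pair "$demo_dir" 30; then
  echo "ok: next step: oc create secret generic cp4na-o-mcnp-cert --from-file=$demo_dir"
fi
```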