Preserving custom SSL certificates

If you are using custom SSL certificates, learn how to preserve them across Netezza Performance Server upgrade.

Before upgrade

  1. Log in to the ipshost container.
  2. Copy server-cert.pem and server-key.pem to the persistent storage.
    1. mkdir /nzscratch/custom_ssl_certs
    2. cp -rp /nz/data/security/server-cert.pem /nzscratch/custom_ssl_certs/server-cert.pem 
    3. cp -rp /nz/data/security/server-key.pem /nzscratch/custom_ssl_certs/server-key.pem

After upgrade

Before you start Netezza Performance Server, run the following commands.
  1. Changed directories to /nz/kit/share/security.
    cd /nz/kit/share/security

  2. Copy the backed up server-cert.pem and server-key.pem files to /nz/kit/share/security.

    • For 11.0.7.0 and lower
      • If enable_tls_v12 = 1 or if enable_tls_v12 is not present, run the following commands:
        1. mv server-key.pem.sample server-key.pem.sample.BKP
        2. mv server-cert.pem.sample server-cert.pem.sample.BKP
        3. cp -rp /nzscratch/custom_ssl_certs/server-cert.pem server-cert.pem.sample
        4. cp -rp /nzscratch/custom_ssl_certs/server-key.pem server-key.pem.sample
      • If enable_crypto_std_v1 =1, run the following commands:
        1. mv server-cert-sp800-131a.pem.sample server-cert-sp800-131a.pem.sample.BKP
        2. mv server-key-sp800-131a.pem.sample server-key-sp800-131a.pem.sample.BKP
        3. cp -rp /nzscratch/custom_ssl_certs/server-cert.pem server-cert-sp800-131a.pem.sample
        4. cp -rp /nzscratch/custom_ssl_certs/server-key.pem server-key-sp800-131a.pem.sample
    • For 11.0.7.1 and later, run the following commands:
      1. mv server-cert-sp800-131a.pem.sample server-cert-sp800-131a.pem.sample.BKP
      2. mv server-key-sp800-131a.pem.sample server-key-sp800-131a.pem.sample.BKP
      3. cp -rp /nzscratch/custom_ssl_certs/server-cert.pem server-cert-sp800-131a.pem.sample
      4. cp -rp /nzscratch/custom_ssl_certs/server-key.pem server-key-sp800-131a.pem.sample
  3. Start the system.
    1. nzstart