# SSL Certificates
TREX requires SSL certificates to secure communications amongst applications within the platform. TREX provides the ability to create its own self-signed certificates. Certificates are generated through the Certificate Manager application.

The following are execution guidelines for managing the certificates for TREX.

## Regenerate and Configure Certificates

After completing file modifications, such as those noted below, the following steps are required to regenerate and configure the new certificates for use with the TREX platform:

1. Stop all TREX applications.
2. Rename (or delete) the `<trex install location>\x509` directory, e.g. `x509-old`.
3. Start the Certificate Manager application: `<trex install location>\start-cert-mgr.ps1`
4. Upon successful completion, exit/stop the Certificate Manager application.
5. Start TREX.
6. Close and open a new browser instance.
7. Import the newly generated certificates, following the existing certificate import steps.

Note: It is not required, but recommended, to remove the previously configured certificates:

- Personal > Gimmal Configuration Manager Client
- Trusted Root Certification Authorities > Gimmal TREX Root CA

## Modify the Expiry Length

The expiry length for certificates is located in the `<trex install location>\config\trex-certmgr-application.json` file, within the `defaults.validity` object.

- Default value: 3650 (units in days; 10 years)

To modify the expiry length of all certificates:

1. Edit the `trex-certmgr-application.json` file.
2. Modify the `defaults.validity` value, e.g. for a 1-year expiry length: `"validity": 365`
3. Save the file.
4. Execute the Regenerate and Configure Certificates steps, noted above.

## Modify a Password

Each application within the TREX platform is created with its own truststore and keystore, to permit or restrict communication amongst applications. Passwords exist for each application's truststore and keystore. These passwords exist in:

- `<trex install location>\config\trex-certmgr-application.json`
- One of the following:
  - `<trex install location>\config\application-cfgmgr.yaml`
  - `<trex install location>\config\application-dao.yaml`
  - `<trex install location>\config\application-ngin.yaml`
  - `<trex install location>\config\application-cnn.yaml` (each connector has its own respective YAML config file; however, `application-cnn.yaml` is inherited in each case as well)

A password configuration also exists for the client certificate, in `<trex install location>\config\trex-certmgr-application.json`, specifically the `exports.privatekeys.storepass` object.

To modify a password, edit the `trex-certmgr-application.json` file and edit the respective YAML file, as required.

For example, to modify the password for both Configuration Manager certificates and the client certificate:

### trex-certmgr-application.json edits

1. Navigate to `keystores`, keystore `"trex-cfgmgr-keystore.p12"`, and edit the `storepass` object, e.g.

```json
{
	"keystore": "trex-cfgmgr-keystore.p12",
	"storepass": "newpassword1",
	"aliases": ["trex-cfgmgr-server"]
},
```

2. Navigate to `truststores`, truststore `"trex-cfgmgr-truststore.p12"`, and edit the `storepass` object, e.g.

```json
{
	"keystore": "trex-cfgmgr-truststore.p12",
	"storepass": "newpassword2",
	"aliases": [
		"trex-cfgmgr-client",
		"trex-cnn-trex-websvc-server"
	]
},
```

3. Navigate to `exports.privatekeys` and edit the `storepass` object, e.g.

```json
"privatekeys": [{
	"alias": "trex-cfgmgr-client",
	"file": "exports/trex-cfgmgr-client.p12",
	"storepass": "newpassword3"
}]
```

### application-cfgmgr.yaml edits

1. Navigate to and edit the `server.ssl` object.
2. Edit the `key-store-password` and `trust-store-password` values, e.g.

```yaml
server:
  port: 8443
  ssl:
    key-store: /x509/trex-cfgmgr-keystore.p12
    key-store-password: newpassword1
    key-alias: trex-cfgmgr-server
    trust-store: /x509/trex-cfgmgr-truststore.p12
    trust-store-password: newpassword2
```

3. Execute the Regenerate and Configure Certificates steps, noted above.

## Password Creation Guidelines

It is recommended not to use the `\` or `"` characters in passwords. If they are used, they must be escaped with the `\` character within the JSON and YAML files, e.g.

- Not escaped: `this"is\apwd`
- Escaped: `this\"is\\apwd`

Although not used by default, it is recommended to surround the passwords in the YAML file with double quotes, e.g.

```yaml
server:
  port: 8443
  ssl:
    key-store: /x509/trex-cfgmgr-keystore.p12
    key-store-password: "newpassword1"
    key-alias: trex-cfgmgr-server
    trust-store: /x509/trex-cfgmgr-truststore.p12
    trust-store-password: "newpassword2"
```

## Modify Access to Configuration Manager

By default, Configuration Manager is configured as accessible locally through a browser through http://localhost:8443. An IP or DNS configuration can be added and included in the certificate creation.

1. Edit the `trex-certmgr-application.json` file.
2. Navigate to the `master.certificates` object.
3. Edit the `"alias": "trex-cfgmgr-server"` object.
4. For a new DNS entry, add a new entry in the `"dns"` array. For example, to add a DNS config with a name of trex.cfgmgrtest.com with an IP of 188.77.166.88:

```json
{
	"alias": "trex-cfgmgr-server",
	"dn": {
		"commonname": "versafile configuration manager application"
	},
	"san": {
		"dns": ["localhost", "trex.cfgmgrtest.com"],
		"ip": ["127.0.0.1", "188.77.166.88"]
	}
},
```

Note: An IP can be added on its own, without a DNS entry.

5. Execute the Regenerate and Configure Certificates steps, noted above.
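
The password change described above touches two files, and editing only one of them leaves `storepass` and the YAML store password disagreeing. The PowerShell below is an added example, not part of the product or its documentation: it compares the two values after unescaping and never prints a password. The file contents are constructed samples, `Get-YamlScalar` and `Test-StorePassSync` are hypothetical helper names, and it assumes `keystores` and `truststores` are top-level arrays in the JSON file.

```powershell
# Added example; sample content is constructed, shaped like the fragments on this page.
# Assumption: "keystores" and "truststores" are top-level arrays in the JSON file.
$certMgrJson = @'
{ "keystores":   [ { "keystore": "trex-cfgmgr-keystore.p12",   "storepass": "this\"is\\apwd" } ],
  "truststores": [ { "keystore": "trex-cfgmgr-truststore.p12", "storepass": "newpassword2" } ] }
'@
$cfgMgrYaml = @'
server:
  port: 8443
  ssl:
    key-store: /x509/trex-cfgmgr-keystore.p12
    key-store-password: "this\"is\\apwd"
    key-alias: trex-cfgmgr-server
    trust-store: /x509/trex-cfgmgr-truststore.p12
    trust-store-password: stalepassword
'@

function Get-YamlScalar {
    # Minimal "key: value" reader (hypothetical helper, not a YAML parser):
    # handles plain scalars and double-quoted scalars with \" and \\ escapes.
    param([string]$Yaml, [string]$Key)
    $m = [regex]::Match($Yaml, '(?m)^\s*' + [regex]::Escape($Key) + ':\s*(.+?)\s*$')
    if (-not $m.Success) { return $null }
    $value = $m.Groups[1].Value
    if ($value -match '^"(.*)"$') { $value = $Matches[1] -replace '\\(["\\])', '$1' }
    return $value
}

function Test-StorePassSync {
    # Reports whether each store password agrees between the two files,
    # without ever writing a password to the output.
    param([string]$Json, [string]$Yaml)
    $cfg = $Json | ConvertFrom-Json
    $pairs = @(
        @{ Section = 'keystores';   PathKey = 'key-store';   PassKey = 'key-store-password' },
        @{ Section = 'truststores'; PathKey = 'trust-store'; PassKey = 'trust-store-password' }
    )
    foreach ($p in $pairs) {
        $path = Get-YamlScalar $Yaml $p.PathKey
        $file = if ($path) { ($path -split '[\\/]')[-1] } else { $null }
        $entry = @($cfg.($p.Section)) | Where-Object { $_.keystore -eq $file } | Select-Object -First 1
        [pscustomobject]@{
            Store  = $file
            InSync = ($null -ne $entry) -and ($entry.storepass -ceq (Get-YamlScalar $Yaml $p.PassKey))
        }
    }
}

Test-StorePassSync -Json $certMgrJson -Yaml $cfgMgrYaml
```

To check real files, pass the output of `Get-Content -Raw` for each file as `-Json` and `-Yaml` before running the regeneration steps.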