Versions Compared

Old Version 2

changes.mady.by.user Jan Klinke

Saved on

compared with

New Version 3

changes.mady.by.user Jan Klinke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • server czlin0211 with installed dbvagentmanager as primary server

  • server czlin0212 as our standby server

  • server czlin0192 where we installed dbvagentmanager as well as dbvcontrol.

Note

There are three types of certificates to replace:

  • primary dbvagentmanager client & server certificate

,

  • standby dbvagentmanager client & server certificate

and

  • dbvcontrol

dbvagentmanager server certificate

  • client & server certificate (these are different from webserver certificate)

All of these three certificates must be signed by the same certificate authority (CA) !!!

...

Use the same CA to sign czlin0212_dbva_request.csr as you used for signing czlin0211_dbva_request.csr

e. Generate certificate for Perform the steps a,b,c on your dbvcontrol server for dbvagentmanagers

Run exactly same commands as in previous step:

Code Block
$ mkdir ~/cert
$ cd ~/cert
$ openssl genrsa -out czlin0212czlin0192_dbva_servercc_priv.key 2048
$ openssl req -new -key czlin0212czlin0192_dbva_servercc_priv.key -out czlin0212czlin0192_dbva_servercc_request.csr
$ openssl x509 -req -in czlin0212czlin0192_dbva_servercc_request.csr -CA ca_root.crt -CAkey ca_priv.key -CAcreateserial -out czlin0212czlin0192_dbva_servercc_cert.crt -days 3650 #this command should be run on server where you setup your own CA

In our example dbvcontrol is on standby server so we run these commands on standby server. If you have dbvcontrol on separate server than primary and standby, run the commands there.

f. Again, use the same CA to sign czlin0192_dbva_request.csr as you used for signing czlin0211_dbva_request.csr and czlin0212_dbva_request.csr

f. Replace all certificates on primary and , standby servers ( and dbvcontrol server if separated from primary and standby)servers

You need to first stop all dbvagentmanagers and also dbvcontrol. No dbvisit process should remain running.

Note

Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes on all servers

Note

file ~/cert/ca_root.crt should be copied from your CA server and needs to be identical on all servers

...

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0211_dbva_cert.crt client client_cert.pem
$ cp ~/cert/czlin0211_dbva_priv.key client_prikey.pem
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0211_dbva_cert.crt server_cert.pem
$ cp ~/cert/czlin0211_dbva_priv.key server_prikey.pem

Copy the certificate in correct place on standby:

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0212_dbva_cert.crt client_cert.pem
$ cp ~/cert/czlin0212_dbva_priv.key client_prikey.pem
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0211czlin0212_dbva_cert.crt clientserver_cert.pem
$ cp ~/cert/czlin0211czlin0212_dbva_priv.key clientserver_prikey.pem

Copy the certificate in correct place on standbydbvcontrol host:

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0212czlin0192_dbvacc_cert.crt clientclien_cert.pem
$ cp ~/cert/czlin0212czlin0192_dbvacc_priv.key client_prikey.pem

Copy the dbvcontrol server certificate on standby (or dedicated dbvcontrol host):

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0212czlin0192_dbva_servercc_cert.crt server_cert.pem
$ cp ~/cert/czlin0212czlin0192_dbva_servercc_priv.key server_prikey.pem

...