Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Controlcenter Webserver Certificate (this is a certificate which is provided to your browser whenever you login and work with controlcenter)

  2. Dbvagentmanager and Controlcenter communication Certificates (these are internal certificates used for internal Dbvisit communication)

...

The last step is to replace existing dbvcontrol certificates with the signed certificate. You will need to copy your CA root certificate ca_root.crt to the dbvcontrol host (not the CA private key!)

Note

Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes

First of all, stop dbvcontrol. Then proceed with Overwrite the existing files (all our custom certificates are in ~/cert):

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt www_ca.pem
$ cp ~/cert/czlin0212_cert.crt www_cert.pem
$ cp ~/cert/czlin0212_priv.key www_prikey.pem
Note
Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes

Now start dbvcontrol and verify in browser the new certificate is correctly used:

...

  • server czlin0211 with installed dbvagentmanager as primary server

  • server czlin0212 as our standby server

  • server czlin0192 where we installed dbvagentmanager as well as dbvcontrol.

Note

There are three types of certificates to replace:

  • primary dbvagentmanager client & server certificate

,
  • standby dbvagentmanager client & server certificate

and
  • dbvcontrol

dbvagentmanager
  • client & server certificate

All of these three
  • (these are different from webserver certificate)

All of these certificates must be signed by the same certificate authority (CA) !!!

...

Use the same CA to sign czlin0212_dbva_request.csr as you used for signing czlin0211_dbva_request.csr

e. Generate certificate for Perform the steps a,b,c on your dbvcontrol server for dbvagentmanagers

Run exactly same commands as in previous step:

Code Block
$ mkdir ~/cert
$ cd ~/cert
$ openssl genrsa -out czlin0212czlin0192_dbva_servercc_priv.key 2048
$ openssl req -new -key czlin0212czlin0192_dbva_servercc_priv.key -out czlin0212czlin0192_dbva_servercc_request.csr
$ openssl x509 -req -in czlin0212czlin0192_dbva_servercc_request.csr -CA ca_root.crt -CAkey ca_priv.key -CAcreateserial -out czlin0212czlin0192_dbva_servercc_cert.crt -days 3650 #this command should be run on server where you setup your own CA

In our example dbvcontrol is on standby server so we run these commands on standby server. If you have dbvcontrol on separate server than primary and standby, run the commands there.Again, use the same CA to sign czlin0192_dbva_request.csr as you used for signing czlin0211_dbva_request.csr and czlin0212_dbva_request.csr

f. Replace all certificates on primary and , standby servers ( and dbvcontrol server if separated from primary and standby)You need servers

You need to first stop all dbvagentmanagers and also dbvcontrol. No dbvisit process should remain running.

Note

Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes on all servers

Note
Code Block
$ cd /usr/dbvisit/standbymp/certificates

file ~/cert/ca_root.crt should be copied from your CA server and needs to be identical on both servers

Copy the certificate in correct place on primary:

~/cert/ca_root.crt should be copied from your CA server and needs to be identical on all servers

Copy the certificate in correct place on primary:

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0211_dbva_cert.crt client_cert.pem
$ cp ~/cert/czlin0211_dbva_priv.key client_prikey.pem
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0211_dbva_cert.crt server_cert.pem
$ cp ~/cert/czlin0211_dbva_priv.key server_prikey.pem

Copy the certificate in correct place on standby:

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0212_dbva_cert.crt client_cert.pem
$ cp ~/cert/czlin0212_dbva_priv.key client_prikey.pem
$ cp ~/cert/ca_root.crt clientserver_ca.pem
$ cp ~/cert/czlin0211czlin0212_dbva_cert.crt clientserver_cert.pem
$ cp ~/cert/czlin0211czlin0212_dbva_priv.key clientserver_prikey.pem

Copy the certificate in correct place on standbydbvcontrol host:

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0212czlin0192_dbvacc_cert.crt clientclien_cert.pem
$ cp ~/cert/czlin0212czlin0192_dbvacc_priv.key client_prikey.pem

Copy the dbvcontrol server certificate on standby (or dedicated dbvcontrol host):

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0212czlin0192_dbva_servercc_cert.crt server_cert.pem
$ cp ~/cert/czlin0212czlin0192_dbva_servercc_priv.key server_prikey.pem

...