Versions Compared

Old Version 2

changes.mady.by.user Jan Klinke

Saved on

compared with

New Version Current

changes.mady.by.user Jan Klinke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Controlcenter Webserver Certificate (this is a certificate which is provided to your browser whenever you login and work with controlcenter)

  2. Dbvagentmanager and Controlcenter communication Certificates (these are internal certificates used for internal Dbvisit communication)

...

The last step is to replace existing dbvcontrol certificates with the signed certificate. You will need to copy your CA root certificate ca_root.crt to the dbvcontrol host (not the CA private key!)

Note

Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes

First of all, stop dbvcontrol. Then proceed with Overwrite the existing files (all our custom certificates are in ~/cert):

Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt www_ca.pem
$ cp ~/cert/czlin0212_cert.crt www_cert.pem
$ cp ~/cert/czlin0212_priv.key www_prikey.pem
Note
Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes
Now start dbvcontrol and verify in browser the new certificate is correctly used:
...
  • server czlin0211 with installed dbvagentmanager as primary server
  • server czlin0212 as our standby server 
  • server czlin0192 where we installed dbvagentmanager as well as dbvcontrol. 
 Note
There are three types of certificates to replace: 
  • primary dbvagentmanager client & server certificate
, 
  • standby dbvagentmanager client & server certificate
 and 
  • dbvcontrol 
 dbvagentmanager 
  • client & server certificate 
All of these three 
  • (these are different from webserver certificate)
All of these certificates must be signed by the same certificate authority (CA) !!!
...
Use the same CA to sign czlin0212_dbva_request.csr as you used for signing czlin0211_dbva_request.csr
e. Generate certificate for Perform the steps a,b,c on your dbvcontrol server for dbvagentmanagers
Run exactly same commands as in previous step:
 Code Block
$ mkdir ~/cert
$ cd ~/cert
$ openssl genrsa -out czlin0212czlin0192_dbva_servercc_priv.key 2048
$ openssl req -new -key czlin0212czlin0192_dbva_servercc_priv.key -out czlin0212czlin0192_dbva_servercc_request.csr
$ openssl x509 -req -in czlin0212czlin0192_dbva_servercc_request.csr -CA ca_root.crt -CAkey ca_priv.key -CAcreateserial -out czlin0212czlin0192_dbva_servercc_cert.crt -days 3650 #this command should be run on server where you setup your own CA
In our example dbvcontrol is on standby server so we run these commands on standby server. If you have dbvcontrol on separate server than primary and standby, run the commands there.Again, use the same CA to sign czlin0192_dbva_request.csr as you used for signing czlin0211_dbva_request.csr and czlin0212_dbva_request.csr
f. Replace all certificates on primary and , standby servers ( and dbvcontrol server if separated from primary and standby)You need servers
You need to first stop all dbvagentmanagers and also dbvcontrol. No dbvisit process should remain running.
 Note
Consider backing up directory /usr/dbvisit/standbymp/certificates before any changes on all servers
 Note
 Code Block
$ cd /usr/dbvisit/standbymp/certificates
file ~/cert/ca_root.crt should be copied from your CA server and needs to be identical on all servers
Copy the certificate in correct place on primary:
~/cert/ca_root.crt should be copied from your CA server and needs to be identical on all servers
Copy the certificate in correct place on primary:
 Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0211_dbva_cert.crt client_cert.pem
$ cp ~/cert/czlin0211_dbva_priv.key client_prikey.pem
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0211_dbva_cert.crt server_cert.pem
$ cp ~/cert/czlin0211_dbva_priv.key server_prikey.pem
Copy the certificate in correct place on standby:
 Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0212_dbva_cert.crt client_cert.pem
$ cp ~/cert/czlin0212_dbva_priv.key client_prikey.pem
$ cp ~/cert/ca_root.crt clientserver_ca.pem
$ cp ~/cert/czlin0211czlin0212_dbva_cert.crt clientserver_cert.pem
$ cp ~/cert/czlin0211czlin0212_dbva_priv.key clientserver_prikey.pem
Copy the certificate in correct place on standbydbvcontrol host:
 Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt client_ca.pem
$ cp ~/cert/czlin0212czlin0192_dbvacc_cert.crt clientclien_cert.pem
$ cp ~/cert/czlin0212czlin0192_dbvacc_priv.key client_prikey.pem
Copy the dbvcontrol server certificate on standby (or dedicated dbvcontrol host):
 Code Block
$ cd /usr/dbvisit/standbymp/certificates
$ cp ~/cert/ca_root.crt server_ca.pem
$ cp ~/cert/czlin0212czlin0192_dbva_servercc_cert.crt server_cert.pem
$ cp ~/cert/czlin0212czlin0192_dbva_servercc_priv.key server_prikey.pem
...