Generate and Install SSL Certificates in Cloud Exchange
When first installed, Cloud Exchange does not require an SSL certificate and the web server can be reached over an unencrypted connection.
Note
There are two SSL-related folders created on the file system: ssl_certs and ca_certs.
If you want to add your own SSL certificate(s), you can add them to the ta_cloud_exchange/data/ssl_certs directory, or /opt/cloudexchange/cloudexchange/data/ssl_certs in the VM version. The certificate and key files should be named cte_cert.crt and cte_cert_key.key. The steps below explain how to do this.
The ca_certs directory is used, for example, when you configure a plugin for an on-premises product (like MISP, QRadar, etc.) that has a self-signed SSL certificate issued by your organization. In this case, you need to put your CA certs in the ca_certs directory to add them to the trust chain.
After that, run the setup script using the command sudo ./setup so that the certificates you added in the ca_certs directory receive the appropriate file permissions.
When you have the certificate(s) you want to use for connecting to Cloud Exchange, follow these steps to install your private certificate(s) to securely access Cloud Exchange.
- Log in to your Cloud Exchange host via CLI.
- Browse to the directory ta_cloud_exchange/$, or /opt/cloudexchange/cloudexchange/$.
- Execute the command run ./stop.
- Remove certificates by going to the /ta_cloud_exchange/data/ssl_certs, or /opt/cloudexchange/cloudexchange/data/ssl_certs directory, using these commands:
  $ rm -rf cte_cert.crt
  $ rm -rf cte_cert_key.key
- After the existing SSL certificate is removed, you can install your private SSL certificate.
  - Copy new certs to /ta_cloud_exchange/data/ssl_certs: sudo cp -r ../<Path_of_SSL_Certificate> .
  - Or if running on a VM, copy new certs to /opt/cloudexchange/cloudexchange/data/ssl_certs: sudo cp -r ../<Path_of_SSL_Certificate> .
- Restart Cloud Exchange using the command $run ./start.
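Before the restart step, it is worth confirming that the files copied into ssl_certs are a usable pair. The script below is an added example, not part of the Cloud Exchange documentation or tooling: check_cte_pair is a hypothetical helper name, it assumes the openssl CLI is available on the host, and the 24-hour expiry window is an assumed threshold.

```sh
#!/bin/sh
# Added example (not vendor code): validate the pair before restarting Cloud Exchange.
# check_cte_pair is a hypothetical helper name; it needs only the openssl CLI.

# Usage: check_cte_pair DIR
# Returns 0 if DIR holds a usable cte_cert.crt / cte_cert_key.key pair.
check_cte_pair() {
    dir=$1
    crt="$dir/cte_cert.crt"
    key="$dir/cte_cert_key.key"

    # Both files must exist under the names given on this page.
    if [ ! -f "$crt" ] || [ ! -f "$key" ]; then
        echo "missing cte_cert.crt or cte_cert_key.key in $dir" >&2
        return 2
    fi

    # The certificate must parse and stay valid for at least 24 hours
    # (the 86400-second window is an assumption; adjust to your policy).
    if ! openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null 2>&1; then
        echo "certificate is unreadable or expires within 24 hours" >&2
        return 3
    fi

    # Extract the public key from each file. "-passin pass:" stops openssl
    # from prompting, so a passphrase-protected key fails here instead of waiting.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ]; then
        echo "private key is unreadable or passphrase-protected" >&2
        return 4
    fi

    # A key that does not belong to the certificate yields a different public key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "cte_cert_key.key does not match cte_cert.crt" >&2
        return 5
    fi
    echo "ok: certificate and key match"
}

# Run the check when a directory is passed, e.g. ./check.sh data/ssl_certs
if [ $# -gt 0 ]; then
    check_cte_pair "$1"
fi
```

A non-zero exit status identifies which check failed: 2 for missing files, 3 for the certificate, 4 for the key, 5 for a mismatch.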