Generate and Install SSL Certificates in Cloud Exchange
Generate and Install SSL Certificates in Cloud Exchange
When first installed, Cloud Exchange does not require an SSL certificate and the web server can be reached over an unencrypted connection.
Note
There are two SSL-related folders created on the file system: ssl_certs and ca_certs.
If you want to add your own SSL certificate(s), you can add them to the ta_cloud_exchange/data/ssl_certs directory. The name of certificate file should be cte_cert.crt and cte_cert_key.key. The steps below explain how to do this.
The ca_certs directory is used, for example, when you configure a plugin for an on-premises product (like MISP, QRadar etc.) that has a self signed SSL certificate issued by your organization. In this case, you need to put your CA certs in the ca_certs directory to add them to the trust chain.
After you have the certificate(s) you’d want to use for connecting to Cloud Exchange, follow the steps to install your private certificate(s) to securely access Cloud Exchange.
-
Log in to your Cloud Exchange host via CLI.
-
Browse to the directory
ta_cloud_exchange/$. -
Execute the command
run ./stop. -
Remove certificates by going to the
/ta_cloud_exchange/data/ssl_certsdirectory and using these commands:$ rm -rf cte_cert.crt$ rm -rf cte_cert_key.key -
After the existing SSL certificate is removed, you can install your private SSL certificate.
-
Copy new certs to
/ta_cloud_exchange/data/ssl_certs ‘sudo cp -r ../<Path_of_SSL_Certificate>.
-
-
Restart Cloud Exchange using the command
$run ./start.
This video shows how to use a Cloud Exchange setup script to create a self-signed certificate to enable and access the Cloud Exchange UI over HTTPS.
