Copy PEM and generated SSL certificates to TAS servers
Copy the certificates created for the Text Indexing Service (TINS) and the Secure Gateway from the TAS Management server, to all the other TAS servers in your deployment, including the TAS Management server.
Secure Gateway SSL certificates
-
secure_gateway.key
-
secure_gateway.crt
-
secure_gateway_rootca.crt
TINS (Solr) SSL certificates
-
solr_ssl.jks
-
solr_rootca.crt
-
client_store_ssl.jks
Before you begin
Generate SSL certificates for TAS servers
Procedure
-
Create the following folders on every TAS server in your deployment:
-
If
-
Define permissions:
Copychown -R tas_inst:tas /home/tas_inst/.podman -
Within /home/tas_inst/
-
Within the /<data_folder>, create a subfolder entitled ssl, and another subfolder entitled secure_gateway:
Copymkdir -p /<data_folder>/ssl/secure_gatewaywhere:
-
<data_folder> is the folder defined for data storage, and is by default opt/app/data.
-
- Within /<data_folder>/ssl, create the following subfolders:Copy
mkdir -p /<data_folder>/ssl/solr
mkdir -p /<data_folder>/ssl/kafka
mkdir -p /<data_folder>/ssl/dataexportwhere:
<data_folder> is the folder defined for data storage, and is by default opt/app/data.
-
Change permissions for /ssl:
Copychown -R tas_inst:tas /<data_folder>/ssl
chmod -R 770 /<data_folder>/sslwhere:
-
<data_folder> is the folder defined for data storage, and is by default opt/app/data.
-
-
Repeat step a through step f for every TAS server in your deployment, including the TAS Management server.
-
-
Copy the ca.pem certificate from the TAS Management server to /home/tas_inst/
Copyscp ca.pem tas_inst@<fqdn_target_server>:/home/tas_inst/.podmanwhere:
-
<fqdn_target_server> is the FQDN of the TAS server in your deployment to which you are copying the certificate.
-
-
On the TAS Management server, go to the folder with the FQDN of the target TAS server to which to copy the certificates.
-
From the folder with the FQDN of the target TAS server, copy the PEM certificates to the target TAS server (physical server):
Copyscp <fqdn_folder_target_tas_server>/*.pem tas_inst@<fqdn_target_tas_server>: /
/home/tas_inst/.podman/<fqdn_folder_target_tas_server>where:
-
<fqdn_folder_target_tas_server> is the name of the folder with the FQDN of the target TAS server on the Management server.
-
<fqdn_target_tas_server> is the FQDN of the target TAS server (physical server) to which you are copying the certificates.
-
<fqdn_folder_target_tas_server> is the name of the folder on the target TAS server to which you are copying the certificates.
Example:
Copyscp /home/tas_inst_.docker/TAS_server.domain.com/*.pem /
tas_inst@<TAS_server.domain.com>:/home/tas_inst/.podman/TAS_server.domain.com -
-
On the TAS Management server, from the folder with the FQDN of the target TAS server, copy the Secure Gateway, TINS (Solr), and client_store_ssl.jks certificates to the target TAS server:
-
Copy the Secure Gateway certificates:
Copyscp <fqdn_folder_tas_server>/secure_gateway* tas_inst@<fqdn_target_tas_server>: /
/<data_folder>/ssl/secure_gatewaywhere:
-
<fqdn_folder_tas_server> is the name of the folder with the FQDN of the target TAS server on the Management server.
-
<fqdn_target_tas_server> is the FQDN of the target TAS server to which you are copying the certificates.
-
<fqdn_folder_target_tas_server> is the name of the folder on the target TAS server to which you are copying the certificates.
-
-
Copy TINS (Solr) certificates:
Copyscp <fqdn_folder_tas_server>/solr_* tas_inst@<fqdn_target_tas_datastore_server>: /
/<data_folder>/ssl/solr -
Copy client_store_ssl.jks:
Copyscp <fqdn_folder_tas_server>/client_store_ssl.jks tas_inst@<fqdn_target_tas_datastore_server> /
:/<data_folder>/ssl/solr
-
-
Repeat step 2 through step 6 for every TAS server in your deployment, including the TAS Management server.
What to do next