This article will explain how to update your IriusRisk certificates for your on-premises deployment, and show some commands that can be useful.
Once your new certificate has been created
Once you have the new certificate (and the new key, if you have renewed it as well), upload them to the Docker host, into the directory that contains docker-compose.yml, named cert.pem and key.pem.
You can verify that the key and the cert are valid by checking that their moduli match and that the expiry date of the new cert is correct.
To check the modulus you can:
openssl x509 -noout -modulus -in cert.pem | openssl md5
openssl rsa -noout -modulus -in key.pem | openssl md5
And to review the date:
openssl x509 -in cert.pem -text | grep "Not After"
Then, restart nginx to apply the change:
docker restart iriusrisk-nginx
You can confirm that the app is serving the renewed certificate by checking it against the URL by hostname or against localhost, for example:
echo | openssl s_client -servername instance_name.iriusrisk.com -connect instance_name.iriusrisk.com:443 2>/dev/null | openssl x509 -noout -dates| grep notAfter | sed -e 's#notAfter=##'
echo | openssl s_client -servername localhost -connect localhost:443 2>/dev/null | openssl x509 -noout -dates| grep notAfter | sed -e 's#notAfter=##'
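The modulus and date checks above can be combined into one pre-restart check, shown here as an added example that is not part of the original article or of IriusRisk. It goes slightly beyond the article by comparing public keys instead of the RSA modulus, so it also works for ECDSA keys; the function name check_cert_pair, its return codes and the 30-day default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IriusRisk code). check_cert_pair is a hypothetical helper.
# Usage: check_cert_pair <cert.pem> <key.pem> [min_days_valid]
# Returns: 0 ok, 1 bad certificate, 2 bad key, 3 cert/key mismatch, 4 expiring.
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 1; }

    # Public key derived from the private key. "-passin pass:" supplies an
    # empty passphrase so an encrypted key fails here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "cannot read key (malformed or passphrase-protected): $key" >&2
        return 2; }

    # Same test as comparing the modulus, but also valid for ECDSA keys.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not belong together" >&2; return 3
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 4
    fi

    echo "OK: $(openssl x509 -in "$cert" -noout -enddate)"
}

# Run directly: sh check.sh cert.pem key.pem 30
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

Running it before `docker restart iriusrisk-nginx` catches a mismatched or passphrase-protected key while the old certificate is still being served.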
To take into account
In case you need to remove a password from a key:
openssl rsa -in [original.key] -out [new.key]
The names of the certificate and key are set in the nginx volumes section of the docker-compose.yml file:
$ cat docker-compose.yml | grep "cert.pem\|key.pem"
- "./cert.pem:/etc/nginx/ssl/star_iriusrisk_com.crt:ro"
- "./key.pem:/etc/nginx/ssl/star_iriusrisk_com.key:ro"
$
So if you decide to rename the cert and the key, for example to cert2.pem and key2.pem, the new names must also be updated in the file, and the Docker stack restarted to apply the change:
(...)
volumes:
- "./cert2.pem:/etc/nginx/ssl/star_iriusrisk_com.crt:ro"
- "./key2.pem:/etc/nginx/ssl/star_iriusrisk_com.key:ro"
(...)
docker-compose down && docker-compose up -d