Adding custom CA certificates to the NextGen gateway is crucial for ensuring secure communication between the gateway and other components within your environment. Custom CA certificates allow you to establish trust between the gateway and the servers it interacts with. By adding these certificates, you enhance the overall security posture of your system, protect sensitive data, and prevent potential security vulnerabilities. This practice is essential to maintain the integrity of your communication channels and safeguard your network infrastructure.
Upload the CA certificates to NextGen Gateway
To upload the CA certificate, you need to generate the certificate locally first. After that, you can proceed to upload the locally issued certificate to both the gateway and vprobe service.
Step 1: Save the certificates in /root/custom-certs repository
Create a
custom-certs
folder within the/root/
directory.mkdir -p /root/custom-certs
Change the current directory to
/root/custom-certs
.cd /root/custom-certs
Save all the certificates to
/root/custom-certs
directory.- If you already have certificates, save them with the ‘crt extension.
- If certificates are not available, see the document to know how to get them.
Note
Please make sure you save the certificates in all nodes.Step 2: Upload the certificate to NextGen Gateway and OS (Ubuntu)
Once the certificates copying is completed then follow steps to upload it to the NextGen gateway and OS (Ubuntu).
Upload the CA Certificates to OS (Ubuntu)
- Run the following commands to upload certificates to OS (Ubuntu).
sudo cp /root/custom-certs/*.crt /usr/local/share/
sudo update-ca-certificates
Note
Please make sure you upload all the certificates in all nodes.Upload the Certificate to NextGen Gateway
Create a configmap using following command.
cd /root/
kubectl create configmap custom-certs --from-file=custom-certs -n <namespace>
If the gateway is already registered, use the following command to pull and update the helm chart.
helm pull oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw --version 1.6.0
helm upgrade nextgen-gw nextgen-gw-1.6.0.tgz -n <namespace>
If the gateway is not registered, see the document to register it and then proceed to step 2.