Hello,
I’m trying to understand what options I have to manage in a more central manner the certificates/certificate store for HTTPS communication between clients and the gateways.
Is there a way to configure the gateways to use a specific keystore or server alias?
We’re using an AD environment and have our internal CA - I’d like to have a ‘common’ keystore that I distribute to 80 gateways, and this keystore would contain an alias key-pair for each individual gateway - and in the gateway config I would tell each one the alias that it should use.
Is anything like this even remotely possible?
Thanks!
There are some system properties that may help:
ignition.ssl.keystore.alias
ignition.ssl.keystore.password
ignition.ssl.privatekey.password
These would get set in the “additional params” section of ignition.conf.
I don’t see a way to point to a different keystore altogether, though, so make sure you use the default ssl.pfx in the webserver directory of the Ignition install.
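An added example, not part of the thread or the vendor's code: a Python function that sets the three properties named above in the text of an ignition.conf, so each gateway can get its own alias. It assumes the "additional params" lines take the Java Service Wrapper form wrapper.java.additional.N=...; the sample file content, alias and passwords are constructed.

```python
import re

# Property names as given in the reply above.
PROPS = ("ignition.ssl.keystore.alias",
         "ignition.ssl.keystore.password",
         "ignition.ssl.privatekey.password")

# Assumption: additional JVM params are numbered wrapper.java.additional.N lines.
PARAM_RE = re.compile(r"^wrapper\.java\.additional\.(\d+)=(.*)$")

# Constructed sample, not a real ignition.conf.
SAMPLE = """\
# constructed sample
wrapper.java.additional.1=-Ddata.dir=data
wrapper.java.additional.2=-Dignition.ssl.keystore.alias=old-alias
wrapper.java.initmemory=256
"""

def set_ssl_params(conf_text, alias, store_pw, key_pw):
    """Return conf_text with the three -D properties set exactly once each."""
    wanted = dict(zip(PROPS, (alias, store_pw, key_pw)))
    out, highest, last_idx = [], 0, None
    for line in conf_text.splitlines():
        m = PARAM_RE.match(line.strip())
        if m:
            highest = max(highest, int(m.group(1)))
            for name in list(wanted):
                if m.group(2).startswith(f"-D{name}="):
                    # Property already present: overwrite its value in place.
                    line = (f"wrapper.java.additional.{m.group(1)}"
                            f"=-D{name}={wanted.pop(name)}")
                    break
            last_idx = len(out)
        out.append(line)
    # Properties not yet present continue the numbering after the highest index
    # and are placed directly after the last existing additional-param line.
    new = [f"wrapper.java.additional.{highest + i}=-D{name}={value}"
           for i, (name, value) in enumerate(wanted.items(), start=1)]
    pos = len(out) if last_idx is None else last_idx + 1
    out[pos:pos] = new
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # "gw-017" is a hypothetical per-gateway alias in the shared keystore.
    print(set_ssl_params(SAMPLE, "gw-017", "storepw", "keypw"), end="")
```

The passwords end up in clear text in the file, so its permissions matter, and JVM parameters only take effect after the gateway service restarts.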
Hi,
When I go through the SSL/TLS setup wizard and generate a CSR, I see that both ssl.pfx and csr.pfx are then generated. They don't exist until I do the SSL configuration wizard.
I was looking to manage these centrally: storing multiple gateway keypairs in the same keystore and distributing a centrally managed ssl.pfx file to our various gateways.
This obviously means circumventing Ignition's built-in certificate generation features and means I need to manage them separately (KeyStore Explorer for example...).
I'll let you know if it actually works - any remarks or dissuasive comments are highly welcomed.