Purpose:
Steps needed to refresh the Halo.app SSL certificate for the application.
Scope:
Halo administration
Responsibility:
Technology
Completion Criteria:
If steps are performed correctly the Halo.app SSL certificate will be extended/renewed.
Records:
Not applicable
Steps:
- Cert should auto-renew w/ GoDaddy
- Download certificate package in GoDaddy portal (server type: Other) and extract contents into a temp directory (e.g. C:\Temp_.Halo.app)
- Rename extracted .pem file to Halo.app.pem
- Copy Halo.app.key (will be the same key file as used previously unless the SSL cert is rekeyed) into the cert directory (e.g. C:\Temp_.Halo.app) where the files were extracted
- Run: openssl pkcs12 -export -in Halo.app.pem -inkey Halo.app.key -certfile gd_bundle-g2-g1.crt -out Halo.app.p12 (when prompted for password use f8f8f8f8)
  a. Use a Windows Subsystem for Linux prompt if needed for the openssl command
- Download and install openjdk 20.0.2, then run: C:\Temp\openjdk\jdk-20.0.2\bin\keytool -importkeystore -srckeystore C:\Temp_.Halo.app\Halo.app.p12 -srcstoretype pkcs12 -destkeystore C:\Temp_.Halo.app\Halo.app.jks -deststoretype jks (when prompted for passwords enter f8f8f8f8)
  a. Use Windows Command Prompt as admin if needed
- Copy to dev.Halo.app server: scp Halo.app.jks dev.Halo.adm@10.10.50.43:/tmp
  a. Should be done from wherever the .jks file was created (e.g. navigate to temp directory: cd C:\Temp_.Halo.app)
- Log into dev.Halo.app as dev.Halo.adm: ssh dev.Halo.adm@10.10.50.43
- Run: sudo -su root (enter dev.Halo.adm password)
- Go to tmp directory and run: mv Halo.app.jks /f8/certs (overwrite if prompted)
- Go to /f8/certs and run:
  a. chown root Halo.app.jks
  b. chgrp root Halo.app.jks
  c. chmod 644 Halo.app.jks
- Back up existing Halo-app.jks: cp Halo-app.jks Halo-app.jks_bkp06132024 (replace that date w/ date of backup)
- Shut down both ds and ui
  a. /f8/sites/centrexit/ui/bin/shutdown.sh
  b. /f8/sites/centrexit/ds/bin/shutdown.sh
- Verify services have halted: ps -ef | grep f8
- Rename existing Halo-app.jks: mv Halo-app.jks Halo-app.jks_old
- Rename new Halo.app.jks: mv Halo.app.jks Halo-app.jks
- Restart ds and ui
  a. /f8/sites/centrexit/ds/bin/startup.sh
  b. /f8/sites/centrexit/ui/bin/startup.sh
- Update public key (Certificate chain PEM) in Halo.app certs stored in System > Credibility > Certificates; may be in production/service provider and root spaces
- Validate the SSL certificate has been updated by accessing the certificate from the application website.

To move to prod, repeat the steps but use the prod app server and the Halo.adm password (also used for the sudo -su root command): ssh Halo.adm@10.20.21.11
The /f8/certs/Halo-app.jks and password f8f8f8f8 are specified in startup files for ds/ui.
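A pre-flight check for the key-copy and pkcs12 export steps above, added here as an example and not part of the original procedure: it confirms that Halo.app.key belongs to the renewed Halo.app.pem (it will not if the cert was rekeyed) and that the certificate is not close to expiry. The function names, the 30-day default and the throwaway sample.invalid pair are assumptions.

```bash
# Added example: pre-flight checks to run in the temp directory before
# "openssl pkcs12 -export". Function names and the 30-day default are assumptions.

# Succeeds only if the private key's public half equals the certificate's.
cert_matches_key() {  # cert_matches_key CERT_PEM KEY_PEM
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid DAYS days from now.
cert_valid_for_days() {  # cert_valid_for_days CERT_PEM DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

preflight() {  # preflight CERT_PEM KEY_PEM [MIN_DAYS]
    local cert="$1" key="$2" min_days="${3:-30}"
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $key does not match $cert (rekeyed cert or wrong key file)" >&2
        return 1
    fi
    if ! cert_valid_for_days "$cert" "$min_days"; then
        echo "FAIL: $cert expires within $min_days days (old cert downloaded?)" >&2
        return 1
    fi
    echo "OK: key matches certificate"
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Constructed sample input: a throwaway self-signed pair for trying the checks.
make_sample_pair() {  # make_sample_pair DIR NAME DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=sample.invalid" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Usage: sh preflight.sh Halo.app.pem Halo.app.key
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A mismatch caught here costs nothing; the same mismatch found after the ds/ui restart means an outage while the old keystore is restored.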
Process References:
- Create a relationship back to related process. Note: Please add KB relationships to core process, process, SOPs or other WIs on the right.