In release 5.1, SSL has been introduced and enforced for both Management UI and API. Also, Management API now manages sessions in a stateless way using JWT tokens and has CSRF protection enabled. Please follow the instructions below to make sure you make use of this feature.
Create server SSL certificates for both Management UI and API, using the Subject Alternative Name (SAN) of UI and API location
Make sure you use the following names:
Place the certificate for mgmt-api and mgmt-ui in the security directory next to platform-deploy
cluster.sh in your platform-config and introduce the changes as indicated below:
versions.sh files for your cluster(s) inside your platform-config and update them as follows:
versions.sh files for your instance(s) inside your platform-config and update them as follows:
As per release 5.1, instances are strictly bound to a tenant. This means that instances are now under the tenant context, and created instances will automatically fall under that tenant.
Existing instances need to be linked to a tenant by setting
tenant_id for all the instances in the
instance table. You can find your tenant by name in the
If you have used keytool to generate a JKS file, you can use the following commands to extract the
.crt files from it.
Use the following steps to extract the .crt and .key files from the JKS:
$ keyool -importkeystore -srckeystore cert.jks -destkeystore keystore.p12 -deststoretype PKCS12 $ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out mgmt-ui.server.certificate.key $ openssl pkcs12 -in keystore.p12 -nokeys -out mgmt-ui.server.certificate.crt