After you upgrade BlueCat Gateway to the latest version, you must update it with the certificate files and configuration settings that you copied earlier.
Migrating certificates to the upgraded system
If you previously stored Apache certificates in location not managed by Gateway, you must move them to a workspace with the file names that Gateway expects. This lets BlueCat Gateway manage SSL certifications going forward.
- Locate the .crt and .key files that you copied earlier (see Updating certificates and custom Apache configurations on legacy systems).
- Rename those files as gateway.crt and gateway.key, respectively.
- Tell BlueCat Gateway to resume looking for certificates
within workspaces. To do so, within Gateway's config.json
file, set server_certs_from_workspace to true. (Or, since
its value defaults to true, remove that setting altogether):
{ "server_certs_from_workspace": true }
- Follow the instructions listed in Enabling HTTPS for Gateway using custom SSL certificates.
Updating Apache configuration settings
If you customized settings on BlueCat Gateway's Apache hosts, you must move those settings to the global.conf, http.conf, or https.conf files, located in the <workspace>/apache folder. If a particular file doesn't exist, simply create it.
- Locate the various Apache configuration files that you copied earlier.
- For each setting in those configuration files (that is still relevant), add it
to one of the three files listed earlier.
-
If the setting is no longer relevant, ignore it.
- If the setting applies to both Gateway's HTTP and HTTPS servers, add it to the apache/global.conf file.
-
If the setting applies to just Gateway's HTTP server, add it to the apache/http.conf file within the host's <VirtualHost> tag.
If you want to disable the HTTP server (and force communications to use the HTTPS server, which has better security), create an empty apache/http.conf file.
- If the setting applies to just Gateway's HTTPS server, add it to the apache/https.conf file within the host's <VirtualHost> tag.
For more details, see Global Apache configuration file and HTTP and HTTPS Apache configuration files.
-