After updating from a legacy version - Platform - BlueCat Gateway - 23.1

Gateway Installation Guide

Product name
BlueCat Gateway

Note: BlueCat Gateway v21.5.1 and earlier have reached end-of-life and are no longer supported. If you're using these versions, we recommend you upgrade as soon as possible.

After you upgrade BlueCat Gateway from a version prior to v21.5.1, you must update it with the certificate files and configuration settings that you copied earlier.

Migrating certificates to the upgraded system

If you previously stored Apache certificates in a location not managed by Gateway, you must move them to a workspace with the file names that Gateway expects. This lets BlueCat Gateway manage SSL certifications going forward.

To migrate your certificates to the standard location used by BlueCat Gateway:
  1. Locate the .crt and .key files that you copied earlier (see Updating certificates and custom Apache configurations on legacy systems).
  2. Rename those files as gateway.crt and gateway.key, respectively.
  3. Tell BlueCat Gateway to resume looking for certificates within workspaces. To do so, within Gateway's config.json file, set server_certs_from_workspace to true. (Or, since its value defaults to true, remove that setting altogether):
    "server_certs_from_workspace": true
  4. Follow the instructions listed in Enabling HTTPS for Gateway using custom SSL certificates in the BlueCat Gateway Administration Guide. That is, either upload the TLS/SSL certificates that you want Gateway to use via the Gateway UI, or install those certificates manually.

Updating Apache configuration settings

If you customized settings on BlueCat Gateway's Apache hosts, you must move those settings to the global.conf, http.conf, or https.conf files, located in the <workspace>/apache folder. If a particular file doesn't exist, simply create it.

  1. Locate the various Apache configuration files that you copied earlier.
  2. For each setting in those configuration files (that is still relevant), add it to one of the three files listed earlier.
    • If the setting is no longer relevant, ignore it.

    • If the setting applies to both Gateway's HTTP and HTTPS servers, add it to the apache/global.conf file.
    • If the setting applies to just Gateway's HTTP server, add it to the apache/http.conf file within the host's <VirtualHost> tag.

      If you want to disable the HTTP server (and force communications to use the HTTPS server, which has better security), create an empty apache/http.conf file.

    • If the setting applies to just Gateway's HTTPS server, add it to the apache/https.conf file within the host's <VirtualHost> tag.

    For more details, see Global Apache configuration file and HTTP and HTTPS Apache configuration files in the Gateway Administration Guide.

Note: BlueCat Gateway always generates a new Apache configuration file for its Apache hosts on startup. In earlier versions, you could disable this behavior by setting generate_apache_config to false in the workspace's config.json file. As of v21.11.2, the generate_apache_config setting is deprecated and ignored.