After you upgrade BlueCat Gateway from a version prior to v21.5.1, you must update it with the certificate files and configuration settings that you copied earlier.
Migrating certificates to the upgraded system
If you previously stored Apache certificates in a location not managed by Gateway, you must move them to a workspace with the file names that Gateway expects. This lets BlueCat Gateway manage SSL certifications going forward.
- Locate the
.crt
and.key
files that you copied earlier (see Updating certificates and custom Apache configurations on legacy systems). - Rename those files as
gateway.crt
andgateway.key
, respectively. - Tell BlueCat Gateway to resume looking for certificates within
workspaces. To do so, within Gateway's
config.json
file, setserver_certs_from_workspace
to true. (Or, since its value defaults to true, remove that setting altogether):{ "server_certs_from_workspace": true }
- Follow the instructions listed in Enabling HTTPS for Gateway using custom SSL certificates in the BlueCat Gateway Administration Guide. That is, either upload the TLS/SSL certificates that you want Gateway to use via the Gateway UI, or install those certificates manually.
Updating Apache configuration settings
If you customized settings on BlueCat Gateway's Apache hosts, you must
move those settings to the global.conf
, http.conf
, or
https.conf
files, located in the
<workspace>/apache
folder. If a particular file doesn't exist,
simply create it.
- Locate the various Apache configuration files that you copied earlier.
- For each setting in those configuration files (that is still relevant), add it to
one of the three files listed earlier.
-
If the setting is no longer relevant, ignore it.
- If the setting applies to both
Gateway's HTTP and HTTPS servers, add it to the
apache/global.conf
file. -
If the setting applies to just Gateway's HTTP server, add it to the
apache/http.conf
file within the host's<VirtualHost>
tag.If you want to disable the HTTP server (and force communications to use the HTTPS server, which has better security), create an empty
apache/http.conf
file. - If the setting applies to just
Gateway's HTTPS server, add it to the
apache/https.conf
file within the host's<VirtualHost>
tag.
For more details, see Global Apache configuration file and HTTP and HTTPS Apache configuration files in the Gateway Administration Guide.
-
generate_apache_config
to false in the workspace's
config.json
file. As of v21.11.2, the
generate_apache_config
setting is deprecated and ignored.