SSL certificate about to expire. need to apply the new one.

HussainSyed Member
edited December 2023 in General

Data Quality user documentation | Security (experianaperture.io)

This documentation for applying the SSL cert is quite confusing as I do not see the menu.

Go to Configuration > All server settings

Do I need the pfx file, or can I just apply the cert file to update SSL?

pls let me know.

@Henry Simms

your response would be appreciated.

I remember using the pfx file last time in march for dev environment.

Br,

Hussain Syed

Answers

  • Henry Simms Administrator

    Hi @HussainSyed

    There are many different standards for SSL key container formats, and how you configure Data Studio's server certificate is going to depend on the format you have. Ultimately, Data Studio will need to add the private key and corresponding site certificate to its keystore.

    A pfx file (or .pkcs12 or .p12) is a password-protected container format that bundles a certificate (possibly with its various CA certificates) and the corresponding private key. If you have a pfx file, Data Studio's Key file and Certificate file will be configured to the same path (the .pfx file).

    In production it may be more likely that you have a separate private key and certificate. The private key (which is often a .key or .pem file) is generated, and used to create a certificate signing request (CSR). The CSR would go to a certification authority (CA), either public or private, who would return a signed certificate. The certificate (often a .pem, .cert, .cer or .crt) is a container for the public key with a signature computed by the CA. In this case, configure Data Studio to include paths to the private key and cert files separately.

    When a certificate expires, you may generate a new CSR using the existing private key, or you may choose to generate a new private key for the new cert. Which option you take will determine whether you can just update the cert file in Data Studio. Alternatively you may choose to create your own new pfx including the new cert and the associated public key.

  • @Henry Simms , thanks for response,

    can passphrase be empty if I am just using the .crt file?

    what i would want to do is, create a csr using digicert util.

    store a .crt file in certain location. import it using digicert util . and then mention the path for that crt file here

    settings - communication- server certificate - certificate file.


    And how do I test those changes? The documentation above says to apply, but I don't see the apply button here.

    i am unable to paste the screen due to permissions i guess. from page adsURL /settings/communication-settings

  • ok, I have the pfx and crt file and the passphrase with me now.

    now I am not sure about the settings to be applied on

    settings - communication- server certificate -

    and all the 3 entries there,


    passphrase, (passphrase set for pfx file while creating pfx file)

    key file (local path of crt file) (could that be left empty, if I am using pfx file in certificate file path?)

    certificate file (local path of pfx file)


    after that i do not see the apply button,

    i see the save changes button only,

    how these changes are successful, how would I know that?

    again i have done that in dev in march, but I am forgetting something what ensured it to be successful.


    @Henry Simms @Josh , please any help would be appreciated.

    secondly i m unable to paste screens here due to permission issues, else I would elaborate it more here, what I am doing.

    but hope you guys get the idea,


    Br,

    Hussain Syed

  • Henry Simms Administrator
    edited September 2022

    Hi @HussainSyed

    If you have a .pfx with both the private key and the cert in the bundle, you'll use the path to that file as the setting for both the Key file and Certificate file:

    You'll then click Save at the bottom of the page. If the file is valid (contains the right things) and the passphrase is correct, you should see the certificate info (expiry, issuer, domain) added to the non-editable fields just above the passphrase settings:

    For Data Studio to correctly pick up the new cert, you may need to restart the Data Studio service.

    If you get an error when you hit Save, you'll know that there's something wrong with the pfx bundle. For example, in the case where I use the incorrect passphrase:

    You will also see an error in the datastudio.log reporting the problem.

    We'll update your permissions so you can post screenshots
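
The two checks discussed in the answers above (does a renewed certificate still match the existing private key, and does a .pfx open with its passphrase and hold a matching key and cert) can be run before touching the server settings. This is an added example, not part of the original posts and not Experian's code; it assumes OpenSSL is on the PATH, and every file name, the CN and the passphrase are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example. File names, CN and passphrase below are constructed sample values.

# Exit 0 if the certificate's public key equals the one derived from the private key,
# 1 if they differ, 2 if either file cannot be parsed (assumes an unencrypted PEM key).
cert_matches_key() {  # usage: cert_matches_key CERT.pem KEY.pem
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$c" = "$k" ]
}

# Exit 0 and print subject/issuer/expiry if the bundle opens with the passphrase and
# holds a matching key and certificate; 1 = cannot open (wrong passphrase, not PKCS#12),
# 3 = no matching key/cert pair inside. Runs in a subshell so temp files are removed.
pfx_check() (  # usage: pfx_check BUNDLE.pfx PASSPHRASE
  umask 077; tmp=$(mktemp -d) || exit 4; trap 'rm -rf "$tmp"' EXIT
  export PFX_PASS="$2"   # handed to openssl via the environment, not its argv
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys \
    -out "$tmp/cert.pem" 2>/dev/null || exit 1
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes \
    -out "$tmp/key.pem" 2>/dev/null || exit 1
  cert_matches_key "$tmp/cert.pem" "$tmp/key.pem" || exit 3
  openssl x509 -in "$tmp/cert.pem" -noout -subject -issuer -enddate
)

# Constructed sample data: an "existing" key, a cert issued for it (self-signed here),
# an unrelated key, and a pfx bundling the first two.
make_samples() {  # usage: make_samples DIR
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/old.key" -out "$1/new.crt" \
    -days 30 -subj "/CN=datastudio.example.test" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
  openssl pkcs12 -export -inkey "$1/old.key" -in "$1/new.crt" \
    -out "$1/site.pfx" -passout pass:sample-pass
}

demo_dir=$(mktemp -d); make_samples "$demo_dir"
cert_matches_key "$demo_dir/new.crt" "$demo_dir/old.key" \
  && echo "new cert matches the existing private key"
cert_matches_key "$demo_dir/new.crt" "$demo_dir/other.key" \
  || echo "new cert does NOT match this key: the key file must change too"
pfx_check "$demo_dir/site.pfx" sample-pass
pfx_check "$demo_dir/site.pfx" wrong-pass || echo "pfx rejected (status $?)"
rm -rf "$demo_dir"
```

On OpenSSL 3.x, a .pfx exported by older tools with legacy ciphers may need `-legacy` added to the `pkcs12` calls.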

  • thanks a lot. it really helps. @Henry Simms . I have successfully applied the new cert.

    thanks once again for help.

  • "We'll update your permissions so you can post screenshots"

    this will help a lot in future cases and questions. thanks. @Henry Simms