Versions Compared

Version Old Version 5 New Version 6
Changes made by

Ashhad Alam

Ashhad Alam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can set up Nginx Ingress Controller as a front-end for the Webapp Gateway to add an extra layer of security while establishing communication between external users and the application. 

...

Anchor
Exporting the public key
Exporting the public key
Exporting the public key of

...

Ingress controller 

The steps for exporting the public key of the Webapp Gateway/ Ingress controller external URL (external FQDN, for example, dummy.adeptia.com) vary from browser to browser. It is recommended that you export the key using DER encoded binary format X.509 (.CER). Following are the steps to export the public key in Google Chrome browser.

  1. Enter the Adeptia Connect application URL (client-specific according to client domain) in the browser.
    The login page opens.
  2. Click  > More tools > Developer tools.
  3. Click Security tab. 
  4. Click View Certificate.



  5. On the Certificate window, on the Details tab, click Copy to File.



  6. Click Next to start exporting the certificate.



  7. Choose DER encoded binary X.509 (.CER) and click Next.



  8. Specify the location to save the exported file and click Next.



  9. Click Finish to export.
  10. Click OK to exit from the wizard.

Anchor
Importing the certificate
Importing the certificate
Importing the

...

Ingress controller certificate 

This section helps you to import SSL certificate in the microservices Truststore.

...

  1. Run the following Kubectl command to copy the certificate to the PVC or shared storage volume for the Webapp Gateway pod.

    Code Block
    languagecss
    themeMidnight
    Kubectl --namespace <namepace_name> cp <local_path_for_SSL_certificate> <pod_name>:shared/truststore/<SSL_certificate_name>


  2. Navigate to the Microservice pod (Eg. Webrunner) by running the following command.

    Code Block
    languagecss
    themeMidnight
    Kubectl --namespace <namespace_name> exec -it <pod_name> -- sh


  3. Run the following Keytool command to import the certificate.

    Code Block
    languagecss
    themeMidnight
    keytool -import -trustcacerts -file <Path_of_SSL_Certificate> -alias <alias_name> -keystore <Path of cacerts file>

    Where,

              <Path_of_SSL_Certificate> is the path of SSL certificate.

              <Path of cacerts file> is the path of Truststore.

    For example,

    Code Block
    languagecss
    themeMidnight
    keytool -import -trustcacerts -file shared/truststore/ssl-certs.cer -alias adeptia -keystore shared/truststore/cacerts

    You'll be prompted to enter a password. Enter the default password changeit.

  4. Run the exit command to exit from the pod shell.
  5. Restart all the Microservices to bring the changes into effect.

Handling HTTP headers containing underscores ( _ )

To ensure that connection between Adeptia Connect and a business application establishes successfully even if the header contains underscores ( _ ), set the value for the property enable-underscores-in-headers to true in the ConfigMap of Nginx Ingress Controller.

To achieve this, follow the steps given below:

  1. Open the ConfigMap of Nginx Ingress Controller in edit mode using the following command.

    Code Block
    languagecss
    themeMidnight
    Kubectl edit configmap <name of the Nginx Ingress Controller ConfigMap> -n <namespace in which Nginx Ingress Controller is deployed>


  2. Add the following property in the data section of the ConfigMap with its value as true as shown below.
    enable-underscores-in-headers: “true”.
  3. Save the ConfigMap, and restart the Nginx Ingress Controller deployment.

...

Related page

Configuring SSL in Microservices