Solved

How are certificates handled in IFS Cloud for PSO Integration/Communication?

  • 10 February 2022

Userlevel 5
Badge +14

We have set up an IFS Cloud 21R1 on-premise environment.

In addition, we have set up a PSO environment.

These two should now communicate with each other, but we are receiving this error message

This is leading me towards a missing certificate.

 

In IFS 10 we had been able to import all needed certificates by running an import via reconfigure. As this is not possible in IFS Cloud, I wonder how this is done.

 

I am aware of the techdocs in 21R2

Secured Communication - Technical Documentation For IFS Cloud

but this is only pointing out how to verify the certificates or what you can do with certificates.

Seems this is more a general overview of what you can do with certificates.


If you check Configure the HTTP Transport Connector (ifs.com), it refers to importing files to the keystore, mentioning the standard IFS10 procedure and paths. So this does not help at all.

 

Using the keystore window in IFS Cloud seems more or less like the keystore functionality for signing documents instead of securing communication. That is what I faced with IFS 10.

Can anyone inform me how to apply third party certificates to the IFS Cloud Keystore for integration/communication?

Kind regards,

TT

Best answer by Technical Toby 18 February 2022, 09:46

6 replies

Userlevel 6
Badge +23

@Phil Lamerton Hi, could you please raise attention of IFS Cloud PD and/or PSO PD to this? Our customer is awaiting feedback.

Best regards
Roman

Userlevel 7
Badge +17

@Björn Kleist can you help here? 

Userlevel 3
Badge +7

Can you try to redeploy the ifsapp-connect container in the k8s cluster?

There has been an issue in the ifsapp-connect container that gave that same error in the past, but I think that should have been fixed for the 21R1 release. However, the workaround for that issue was to redeploy the ifsapp-connect container, so it may be worth trying that out to see if the error goes away.

Userlevel 6
Badge +23

@clhase thanks, we can certainly try that, but do you also have answers for us on the general handling of certificates in IFS Cloud? Is this something we need to consider here? I assume PSO is seen as an external system for IFS Cloud, and this would eventually mean that the error message could actually be related to a certificate issue instead of an issue with the container. Or can you completely exclude this as the root cause?
Note also that both systems are running on different hosts / k8s clusters.

Userlevel 5
Badge +14

Hi all!

In the tech docs, it is somehow stated

 

https://docs.ifs.com/techdocs/21r2/020_installation/200_installing_ifs_cloud/035_ifs_cloud_ifsinstaller/030_installation_parameters/

 

But unfortunately, this does not help a lot. Thus, thanks to internal feedback from RnD, here is an example


Necessary steps to apply a safe connection between the two systems:

 

  1. Download the certificate from the PSO System
  2. Provide it to the managed Server certs directory
  3. Apply the update to the cloud_values.yaml file as written above
  4. Run the ifsinstaller from the latest delivery download with the action=mtinstaller
  5. Restart the pods for IFS Connect with the following commands to enable the usage of the now updated certificates
    1. kubectl scale deployment ifsapp-connect --replicas=0 -n <namespace>
    2. kubectl scale deployment ifsapp-connect --replicas=1 -n <namespace>

 

Afterwards, the certificate should be applied and the connection may be successful.

 

You have to apply the certificates in a specific way like this. Use the certificate string itself or the file:

ifscore:
  # …
  # …
  # …
  certificates:
    ifsapp-connect:
      # Certificate string pasted inline as a block scalar; every line needs the same indentation
      PSO: |
        -----BEGIN CERTIFICATE-----
        MIIB5TCCAU6gAwIBAgIJAIsnNp+bTuJfMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNV
        BAMMFiouY29ycG5ldC5pZnN3b3JsZC5jb20wHhcNMjEwNjAzMDc1MDIxWhcNMzEw
        MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8/XENCnAZAWyniMGSUyAfLsoI6Q/U
        aetxy9DWoVgyXKM62pegxfsXT5rLo2zLDv5qzOg8dMI4KLwmsMHCUlSyz/Y0BDF3
        8r71H1+hs+La/s+wX9I8gXFEncKWDWXqg7YRo4nZpjZj1sW5P8jq3H/gCE73ZQ/z
        zO026vjupsFw4wIDAQABoyUwIzAhBgNVHREEGjAYghYqLmNvcnBuZXQuaWZzd29y
        bGQuY29tMA0GCSqGSIb3DQEBCwUAA4GBALimRYnXEuqXPN0HQOAZ7RCX2w7j/L7E
        MiqM9vdgqNjpItv3EPWjmjooCX/Ea1EBUOMK9WKYl28SkPjIc5oa/X4yaCI/AVNs
        nfQRDsQ/oykFlr8OeNOcBhg6J9qVwEE/lcZTEUFz5ZQOe8CCDWW1qDmmO65C9zn2
        l7oqbIJyvUew
        -----END CERTIFICATE-----
      # Or the path to a certificate file
      otherhttpcert: C:\remote\ifsroot\config\certs\yourcert.cer

 

In the end, it may look like that in your template

#chart: ifscloud/ifs-cloud
#chartVersion: ~212.0.0

helmRepo: https://ifscloud.jfrog.io/artifactory/helm/
helmUser: ale-pe4ghtsjo
helmPwd: Y65SWgfvoyGhhStRBvgpyGQImEfciGHt

certificateFile: ..\..\..\config\certs\example.pfx
certificatePassword: example

logFileLocation: ..\..\..\logs\ifscloudinstaller

global:
  namespace: exampletmp
  customerCode: example
  environmentType: tmp
  replicas: 1

  systemUrl: exampletmp.myinternalcompanyurl.com
  #secondarySystemUrl: exampletmp.myexternalcompanyurl.com

  # Always append a trailing slash!
  #containerRegistry: rnddockerdev.azurecr.io/
  containerRegistry: ifscloud.jfrog.io/docker/
  imageCredentials:
    username: ale-pe4ghtsjo
    password: Y65SWgfvoyGhhStRBvgpyGQImEfciGHt

ifscore:
  secrets:
    jdbcUrl:
      name: ifs-jdbc-url
      data: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=1.2.3.4)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=sb)))
  passwords:
    ifsiamAdminPw:
      name: ifsiam-admin-pw
      data: example
    ifsadminPassword:
      name: ifsadmin-pw
      data: example
    ifsiamPassword:
      name: ifsiam-password
      data: example
    ifssysPassword:
      name: ifssys-password
      data: example
    ifsmonPassword:
      name: ifsmon-password
      data: example
    ifsappmonitorPw:
      name: ifsappmonitor-pw
      data: example
    ifsreadonlysuppPw:
      name: ifsreadonlysupp-pw
      data: example
    scimtextPw:
      name: scimext-pw
      data: example

  certificates:
    ifsapp-connect:
      PSO: |
        -----BEGIN CERTIFICATE-----
        MIIB5TCCAU6gAwIBAgIJAIsnNp+bTuJfMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNV
        BAMMFiouY29ycG5ldC5pZnN3b3JsZC5jb20wHhcNMjEwNjAzMDc1MDIxWhcNMzEw
        MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8/XENCnAZAWyniMGSUyAfLsoI6Q/U
        aetxy9DWoVgyXKM62pegxfsXT5rLo2zLDv5qzOg8dMI4KLwmsMHCUlSyz/Y0BDF3
        8r71H1+hs+La/s+wX9I8gXFEncKWDWXqg7YRo4nZpjZj1sW5P8jq3H/gCE73ZQ/z
        zO026vjupsFw4wIDAQABoyUwIzAhBgNVHREEGjAYghYqLmNvcnBuZXQuaWZzd29y
        bGQuY29tMA0GCSqGSIb3DQEBCwUAA4GBALimRYnXEuqXPN0HQOAZ7RCX2w7j/L7E
        MiqM9vdgqNjpItv3EPWjmjooCX/Ea1EBUOMK9WKYl28SkPjIc5oa/X4yaCI/AVNs
        nfQRDsQ/oykFlr8OeNOcBhg6J9qVwEE/lcZTEUFz5ZQOe8CCDWW1qDmmO65C9zn2
        l7oqbIJyvUew
        -----END CERTIFICATE-----
      # Download the certificate from the pso address and then apply it
      otherhttpcert: C:\remote\ifsroot\config\certs\yourcert.cer

ifsappiam:
  ifsReadonlySuppUserExpiryEnabled: true
  ifsReadonlySuppUserEnabled: true
  ifsadminTempPasswordEnabled: true

ifsappproxy:
  accessLogEnabled: false

ifsappodata:
  replicas: 2

ifsappdoc:
  replicas: 0

dbInstaller:
  ifsappPassword: example

Whether this is working out fine has to be verified! I forwarded the info to the customer :eyes:
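The certificate step from the post above, as an added example that is not part of the original post or of IFS's tooling: a Python sketch that normalizes a PEM certificate, reports its SHA-256 fingerprint for an out-of-band check with the PSO administrator, and renders the `certificates` block with uniform indentation. The function names are hypothetical, the section key and alias are supplied by the caller, the sample PEM is constructed, and `fetch_pem` needs network access to the PSO host, so the demo does not call it.

```python
import hashlib
import ssl
import textwrap


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the leaf certificate presented by host:port as PEM.
    No chain validation happens here, so confirm fingerprint() out of band."""
    return ssl.get_server_certificate((host, port))


def normalize_pem(pem: str) -> str:
    """Strip stray indentation and blank lines, then re-wrap at 64 columns.
    Raises ValueError if the BEGIN/END markers or the base64 body are broken."""
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    der = ssl.PEM_cert_to_DER_cert("\n".join(lines))
    return ssl.DER_cert_to_PEM_cert(der)


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, for comparison with the PSO administrator."""
    der = ssl.PEM_cert_to_DER_cert(normalize_pem(pem))
    return hashlib.sha256(der).hexdigest()


def values_fragment(section: str, alias: str, pem: str, step: int = 2) -> str:
    """Render the certificates block with every PEM line at the same depth."""
    pad = " " * step
    body = textwrap.indent(normalize_pem(pem), pad * 4)
    return (f"ifscore:\n{pad}certificates:\n{pad * 2}{section}:\n"
            f"{pad * 3}{alias}: |\n{body}")


# Constructed sample: 200 arbitrary bytes wrapped as PEM, NOT a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes(range(200)))
# Same data pasted with one line two spaces short, the mistake that ends a
# YAML block scalar early.
_rows = SAMPLE_PEM.splitlines()
MISINDENTED = "\n".join(
    (" " * 6 if i == 3 else " " * 8) + row for i, row in enumerate(_rows))

if __name__ == "__main__":
    print("sha256:", fingerprint(MISINDENTED))
    print(values_fragment("ifsapp-connect", "PSO", MISINDENTED), end="")
```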

Userlevel 5
Badge +14

Working for the customer