Updating SSL Certificates in Aspera Web Applications
IBM Aspera offers several web applications as part of their portfolio:
- Aspera Shares and Aspera Faspex provides end-users with an easy-to-use web interface for high-speed data transfer.
- Aspera Console provides a centralized administrative interface for monitoring, reporting, transfer initiation, and management of Aspera transfer servers.
- Aspera Orchestrator allows web-based design and execution of file-based workflows.
An important part of securing these web applications is to install an SSL/TLS Certificate that has been signed by a trusted Certificate Authority (CA).
This article will describe how to update your Aspera web apps with these signed certificates.
Aspera Shares is bundled with nginx as the front-end web server. The certificate and key files live in the /opt/aspera/shares/etc/nginx directory.
- Copy your new private key to cert.key
- Copy your new certificate to cert.pem
- [Optional] Append any root/intermediate certificates provided by your CA to the end of cert.pem.
- Restart the Aspera Shares nginx service by running /opt/aspera/shares/sbin/sv restart nginx.
Aspera Faspex, Console, Orchestrator
Faspex, Console, and Orchestrator are all bundled with Apache as the front-end web server. In addition, these products include a command line utility, asctl, which is used for many administrative tasks including updating the SSL certificate.
- Run asctl apache:install_ssl_cert <cert file> <key file> <intermediate cert file>
- This command will move all of the files into place and prompt you to restart the appropriate services.