Updating SSL Certificates in Aspera Web Applications

IBM Aspera offers several web applications as part of their portfolio:

• Aspera Shares and Aspera Faspex provides end-users with an easy-to-use web interface for high-speed data transfer.
• Aspera Console provides a centralized administrative interface for monitoring, reporting, transfer initiation, and management of Aspera transfer servers.
• Aspera Orchestrator allows web-based design and execution of file-based workflows.

An important part of securing these web applications is to install an SSL/TLS Certificate that has been signed by a trusted Certificate Authority (CA).

This article will describe how to update your Aspera web apps with these signed certificates.

Aspera Shares

Aspera Shares is bundled with nginx as the front-end web server. The certificate and key files live in the /opt/aspera/shares/etc/nginx directory.

1. Copy your new private key to cert.key
2. Copy your new certificate to cert.pem
3. [Optional] Append any root/intermediate certificates provided by your CA to the end of cert.pem.
4. Restart the Aspera Shares nginx service by running /opt/aspera/shares/sbin/sv restart nginx.

Aspera Faspex, Console, Orchestrator

Faspex, Console, and Orchestrator are all bundled with Apache as the front-end web server. In addition, these products include a command line utility, asctl, which is used for many administrative tasks including updating the SSL certificate.

1. Run asctl apache:install_ssl_cert <cert file> <key file> <intermediate cert file>
2. This command will move all of the files into place and prompt you to restart the appropriate services.