While installing Advanced Edition, SecureLogin uses Let's Encrypt to generate the certificate (It is not applicable for installing Advanced Edition on Rancher). You can replace the default certificate with a third-party certificate authority (CA) issued certificate, such as Verisign.
Perform the following steps:
Extract the private key (.key) from the certificate by using the following command:
openssl pkcs12 -in <name-of-the-certificate>.pem -out <name-of-the-key>.key -nodes -nocerts
For example, openssl pkcs12 -in my-certificate.pem -out private.key -nodes -nocerts
Extract the public certificate (.crt) from the certificate file.
openssl pkcs12 -in <name-of-the-certificate>.pem -out <name-of-the-public-certificate>.crt -nodes -nokeys
For example, openssl pkcs12 -in my-certificate.pem -out pub-certificate.crt -nodes -nokeys
Create a TLS secret using the public certificate and private key.
kubectl create secret tls <name-of-the-secret> --namespace <name-of-the-namespace> --key private.key --cert pub-certificate.crt
For example, kubectl create secret tls my-tls-secret --namespace my-ingress --key private.key --cert pub-certificate.crt
Open the SecureLogin-Server-x.x.x.x\values.yaml file and modify the values in the certificate section as follows:
Field |
Value |
---|---|
default |
false |
secret |
The name of the secret. For example, my-tls-secret. To configure the certificate for the first time, no need to change the value of secret. However, the next time onwards, you must change this value also. |
Perform a helm install or upgrade using the following command:
To install:
helm install <name-of-the-release> <name-of-the-helm-chart> -n <name-of-the-namespace>
For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace
To upgrade:
helm upgrade <release-name> <name-of-the-helm-chart> -n <name-of-the-namespace>
For example, helm upgrade slserver SecureLogin-Server-x.x.x.x -n my-ingress
You can modify the life span of a JWT token using the following steps:
Open the SecureLogin-Server-x.x.x.x\values.yaml file.
In the JWTToken section, modify the following value:
expiration: Change to a preferred value. However, this value must be greater than inactivity timeout that is 15 min.
The expiration time is 60 minutes by default.
Save the file.
Perform a helm install or upgrade using the following command:
To install:
helm install <name-of-the-release> <name-of-the-helm-chart> -n <name-of-the-namespace>
For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace
To upgrade:
helm upgrade <release-name> <name-of-the-helm-chart> -n <name-of-the-namespace>
For example, helm upgrade slserver SecureLogin-Server-x.x.x.x -n my-ingress
Open the SecureLogin-Server-x.x.x.x\values.yaml file.
In the serverAdmin section, modify the following details:
Section |
Value |
---|---|
secret |
To change the password for the first time, no need to change the value of secret. However, the next time onwards, you must change both password and secret. |
username |
Specify the new username. |
password |
Specify the new password. |
Save the file.
Perform a helm install or upgrade using the following command:
To install:
helm install <name-of-the-release> <name-of-the-helm-chart> -n <name-of-the-namespace>
For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace
To upgrade:
helm upgrade <release-name> <name-of-the-helm-chart> -n <name-of-the-namespace>
For example, helm upgrade slserver SecureLogin-Server-x.x.x.x -n my-ingress