4.4 Post-Installation Tasks

4.4.1 Using Your CA Signed Certificate

While installing Advanced Edition, SecureLogin uses Let's Encrypt to generate the certificate (It is not applicable for installing Advanced Edition on Rancher). You can replace the default certificate with a third-party certificate authority (CA) issued certificate, such as Verisign.

Perform the following steps:

  1. Extract the private key (.key) from the certificate by using the following command:

    openssl pkcs12 -in <name-of-the-certificate>.pem -out <name-of-the-key>.key -nodes -nocerts

    For example, openssl pkcs12 -in my-certificate.pem -out private.key -nodes -nocerts

  2. Extract the public certificate (.crt) from the certificate file.

    openssl pkcs12 -in <name-of-the-certificate>.pem -out <name-of-the-public-certificate>.crt -nodes -nokeys

    For example, openssl pkcs12 -in my-certificate.pem -out pub-certificate.crt -nodes -nokeys

  3. Create a TLS secret using the public certificate and private key.

    kubectl create secret tls <name-of-the-secret> --namespace <name-of-the-namespace> --key private.key --cert pub-certificate.crt

    For example, kubectl create secret tls my-tls-secret --namespace my-ingress --key private.key --cert pub-certificate.crt

  4. Open the SecureLogin-Server-x.x.x.x\values.yaml file and modify the values in the certificate section as follows:

    Field

    Value

    default

    false

    secret

    The name of the secret. For example, my-tls-secret.

    To configure the certificate for the first time, no need to change the value of secret. However, the next time onwards, you must change this value also.

  5. Perform a helm install or upgrade using the following command:

    • To install:

      helm install <name-of-the-release> <name-of-the-helm-chart> -n <name-of-the-namespace>

      For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace

    • To upgrade:

      helm upgrade <release-name> <name-of-the-helm-chart> -n <name-of-the-namespace>

      For example, helm upgrade slserver SecureLogin-Server-x.x.x.x -n my-ingress

4.4.2 Modifying the Life Span of a JWT Token

You can modify the life span of a JWT token using the following steps:

  1. Open the SecureLogin-Server-x.x.x.x\values.yaml file.

  2. In the JWTToken section, modify the following value:

    expiration: Change to a preferred value. However, this value must be greater than inactivity timeout that is 15 min.

    The expiration time is 60 minutes by default.

  3. Save the file.

  4. Perform a helm install or upgrade using the following command:

    • To install:

      helm install <name-of-the-release> <name-of-the-helm-chart> -n <name-of-the-namespace>

      For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace

    • To upgrade:

      helm upgrade <release-name> <name-of-the-helm-chart> -n <name-of-the-namespace>

      For example, helm upgrade slserver SecureLogin-Server-x.x.x.x -n my-ingress

4.4.3 Changing the Administrator Username and Password

  1. Open the SecureLogin-Server-x.x.x.x\values.yaml file.

  2. In the serverAdmin section, modify the following details:

    Section

    Value

    secret

    To change the password for the first time, no need to change the value of secret. However, the next time onwards, you must change both password and secret.

    username

    Specify the new username.

    password

    Specify the new password.

  3. Save the file.

  4. Perform a helm install or upgrade using the following command:

    • To install:

      helm install <name-of-the-release> <name-of-the-helm-chart> -n <name-of-the-namespace>

      For example, helm install slserver001 SecureLogin-Server-x.x.x.x -n nsl-namespace

    • To upgrade:

      helm upgrade <release-name> <name-of-the-helm-chart> -n <name-of-the-namespace>

      For example, helm upgrade slserver SecureLogin-Server-x.x.x.x -n my-ingress