Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Reference- Upgrade SSL certs for CKS

Craig Engle
  • Updated

Step 1: Backup your CKS

Before doing any work on your CKS installation it is recommended to perform a full backup of all directories and files. 

Commands:

cd /var/virtru

mkdir backup

cd backup

cp -r /var/virtru/cks

Step 2: Stop your running CKS

You will need to stop the running Docker containers before updating anything. If running multiple CKS servers, take one out of the load balancer before stopping. 

Commands:

cd /var/virtru/cks

docker-compose down

 

Step 3: Update the SSL certificate

If you already have a renewed certificate bundle skip to Step 4. If you need to generate a certificate request you can run the following commands and then send the .csr to your certificate authority. They should return a new certificate bundle which you will turn into a .pem file in the next step.

 

Commands

cd /var/virtru/cks/ssl

openssl req -new -newkey rsa:2048 -nodes -keyout cks.example.com.key -out cks.example.com.csr

Step 4: Convert your certificate bundle to PEM format

The CKS requires an SSL certificate to be inside the /var/virtru/cks/ssl folder and be in .pem format. Most certificate authorities will send you a bundle containing the certificate and one or more intermediate certificates.

Note: the order of certs in the ssl.pem matters. The certificate for your CKS FQDN must be before the intermediate certificates for your CA.

To convert the contents of the bundle to a .pem file first copy the bundle into the ssl folder and execute the following:

 

Commands:

cd /var/virtru/cks/ssl

cat [path-to-private-key] [path-to-certificate] [path-to-intermediate-cert-1] ... [path-to-intermediate-cert-N] > ssl.pem

Step 5: Start the CKS Containers

Now that the new .pem file is inside the ssl folder you can turn the CKS back on.

Commands:

cd /var/virtru/cks

docker-compose up -d

Step 6: Check the Logs

Checking the logs for the absence of any errors is important. Also make sure that the 3 Docker containers start up and run and do not continue to restart. Continuing to restart is an indication of a problem.

Commands:

cd /var/virtru/cks

docker-compose logs -f

 

Step 7: Additional Testing Steps

Once the container is up, validate the response.

Commands:

curl https://cks.example.com/status

 

Using a browser, navigate to the /status endpoint and observe the updated date on the certificate.

Commands:

https://cks.example.com/status

Related articles