Articles in this section

See more

Handling SSL Certificates in 5.X and during 5.X Migration

Replacing SSL Certificates in 5.X

Steps to replace SSL certs on intigua-main and intigua-worker:
1. Place the new intigua.crt and intigua.key files in the following folders:
For intigua-main: /usr/share/intigua/services/data/intigua-main/sslcert
For intigua-worker: /usr/share/intigua/services/data/certs/files
2. Run ensure_ssl_keystore.sh
3. Run ensure_truststore.sh
4. Restart both containers
 

Handling SSL Certificates During 5.x Migration

This article explains how to handle SSL certificates during the migration from JetPatch 4.2.x (Monolithic) to JetPatch 5.0 (Microservices).

JetPatch supports two approaches for SSL-enabled environments:

  • Option A – Use a configuration file (--config) (Recommended)

  • Option B – Edit migration script defaults manually

Option A – Use --config Environment File (Recommended)

Use this option when:

  • SSL certificates are stored in custom directories

  • You prefer not to edit the migration script

  • You want a repeatable and safer migration process

A.1 Create Configuration File for Certificate Overrides

Create a configuration file in KEY=VALUE format that defines the certificate locations and filenames.

cat > /root/migrate.env <<'EOF'
CERT_CRT_SRC_DIR=/opt/customer/tls/public
CERT_CRT_SRC_FILE=mycompany_tls_cert.pem
CERT_KEY_SRC_DIR=/opt/customer/tls/private
CERT_KEY_SRC_FILE=mycompany_tls_key.pem
EOF

Ensure paths and filenames exactly match the customer environment.

A.2 Validate Configuration

Navigate to the migration directory:

cd /root/jetpatch-deploy-5.0-59/bin/

Run validation-only mode using the configuration file:

./migrate_monolith_to_microservices.sh --validate-only --config /root/migrate.env

This step verifies:

  • Certificate files exist and are readable

  • Paths and filenames are correct

  • Migration prerequisites are satisfied

No files are copied or modified during validation.

A.3 Run Migration Using Configuration File

After successful validation, run the migration using the same configuration file:

./migrate_monolith_to_microservices.sh --config /root/migrate.env

Certificates are copied and normalized to:

  • intigua.crt

  • intigua.key

and placed in all required JetPatch 5.0 directories.

Option B – Edit Script Defaults (Manual Method)

Use this option only when:

  • SSL certificates already exist on the system

  • External configuration files cannot be used

  • You are comfortable editing the migration script

B.1 Identify Certificate Locations

Determine the exact paths and filenames of the SSL certificate and private key.

Example:

  • Certificate directory:

    /etc/nginx/intigua-sslcert

  • Certificate file:

    mycompany_tls_cert.pem

  • Key file:

    mycompany_tls_key.pem

Ensure files are readable by the user running the migration.

B.2 Edit Migration Script Defaults

Navigate to:

cd /root/jetpatch-deploy-5.0-59/bin/

Edit the migration script:

vi migrate_monolith_to_microservices.sh

Update the default variables at the top of the script:

CERT_CRT_SRC_DIR_DEFAULT="/etc/nginx/intigua-sslcert"
CERT_CRT_SRC_FILE_DEFAULT="mycompany_tls_cert.pem"

CERT_KEY_SRC_DIR_DEFAULT="/etc/nginx/intigua-sslcert"
CERT_KEY_SRC_FILE_DEFAULT="mycompany_tls_key.pem"

Save and exit.

B.3 Validate Configuration

Run validation mode:

./migrate_monolith_to_microservices.sh --validate-only

Then ensure SSL certificates are added to the Java truststore:

./ensure_truststore.sh

Expected output:

Trust this certificate? [no]: Certificate was added to keystore

Summary

Option Method Recommended
Option A --config environment file Yes
Option B Edit script defaults Advanced users only

Related Documentation

Related articles

Comments

0 comments

Please sign in to leave a comment.