If one of the following certificates have expired, you will have to load the new certificate in the Java Truststore on the Flowscape Server.
Flowscape Server certificate
A TLS Certificate and a Private Key is required for the Flowscape Solution.
The TLS Certificate must be a public CA signed certificate (self-signed certificates are not acceptable).
The TLS Certificate must include the hostnames “flowscape” & “flowscape-login”, the hostnames can be added in the certificate´s SANs list.
flowscape.<domain-name> (example flowscape.customer.com)
flowscape-login.<domain-name> (example flowscape-login.customer.com)
The TLS Certificate must support TLSv1.2 or higher.
The TLS Certificate must contain the root and intermediate CA in the certificate chain.
-----BEGIN CERTIFICATE----- <server certificate> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <intermediate certificate> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <root certificate> -----END CERTIFICATE-----The TLS Certificate must be SHA2 encrypted.
The TLS Certificate must be in .crt format.
The Private Key must be decrypted and not have any password set.
The Private Key must be in .key format.
Add the FQDN:s on your DNS server as Type A records.
flowscape.<domain-name> -> Server IP address
flowscape-login.<domain-name> -> Server IP address
Go to /opt/flowscape/certs/
Create a new folder with the name of todays date "yyyymmdd", eg. “20260107”
Make a copy of the existing files and paste them in the new folder “20260107” to keep them as a backup
cert.crt
truststore.jks
Replace the certificate by uploading the new file under /opt/flowscape/certs/
cert.crt
Run the following commands:
if you are using podman; replace "docker" with "podman"
if you have to provide a password for the keystore, use "changeit"
docker compose down
docker compose up iws-gaia -d
docker compose exec -it iws-gaia keytool -delete -alias cert.crt -keystore /certs/truststore.jks
docker compose exec -it iws-gaia keytool -importcert -alias "cert.crt" -file /certs/cert.crt -keystore /certs/truststore.jks -storepass "changeit"
docker compose up -d
AD FS Server certificate
Go to /opt/flowscape/certs/
Create a new folder with the name of todays date "yyyymmdd", eg. “20260107”
Make a copy of the existing files and paste them in the new folder “20260107” to keep them as a backup
adfs.crt
truststore.jks
Replace the certificate by uploading the new file under /opt/flowscape/certs/
adfs.crt
Run the following commands:
if you are using podman; replace "docker" with "podman"
if you have to provide a password for the keystore, use "changeit"
docker compose down
docker compose up iws-gaia -d
docker compose exec -it iws-gaia keytool -delete -alias adfs.crt -keystore /certs/truststore.jks
docker compose exec -it iws-gaia keytool -importcert -alias "adfs.crt" -file /certs/adfs.crt -keystore /certs/truststore.jks -storepass "changeit"
docker compose up -d
Exchange Server certificate
Go to /opt/flowscape/certs/
Create a new folder with the name of todays date "yyyymmdd", eg. “20260107”
Make a copy of the existing files and paste them in the new folder “20260107” to keep them as a backup
exchange.crt
truststore.jks
Replace the certificate by uploading the new file under /opt/flowscape/certs/
exchange.crt
Run the following commands:
if you are using podman; replace "docker" with "podman"
if you have to provide a password for the keystore, use "changeit"
docker compose down
docker compose up iws-gaia -d
docker compose exec -it iws-gaia keytool -delete -alias exchange.crt -keystore /certs/truststore.jks
docker compose exec -it iws-gaia keytool -importcert -alias "exchange.crt" -file /certs/exchange.crt -keystore /certs/truststore.jks -storepass "changeit"
docker compose up -d
Comments
0 comments
Please sign in to leave a comment.