Enhance security with a signed SSL certificate

Enterprise Workloads Editions: ✗ Business, ✗ Enterprise, ✓ Elite

 

Note: This document is applicable only for CloudCache R2. See CloudCache Versions.

Overview

CloudCache R2 ships with a self-signed SSL certificate. Communication between Backup Proxy and CloudCache R2 is secured with TLS. However, Backup Proxy cannot verify the self-signed certificate.

For enhanced security, you can use your own signed SSL certificate. The benefit of a signed certificate is that Backup Proxy can verify it, which is not possible with the self-signed certificate.

Prerequisites

You must have the SSL certificate and the key file for your domain name.

The SSL certificate file typically has a file extension of .crt, and the key file typically has a file extension of .key.

Contact your network administrator for these files.

Additionally, the root-CA certificate of the certificate authority (CA) must be added to the trust pool of the Backup Proxy server.

Backup Proxy configuration

Log in to the Backup Proxy server, open a terminal, and follow these steps: 

  1. Open the following file in any editor:

/etc/Phoenix/AHV/Phoenix.cfg

  2. Locate the following flag and set its value to true:

CC_SSL_INSECURE

See the following table for the possible values of this flag and the impact:

| Value of Flag | Impact |
|---|---|
| CC_SSL_INSECURE: true (Default value) | Even though the communication between Backup Proxy and CloudCache is over SSL, the CloudCache certificate is not verified. This is the default option because you will need to provide your certificate and key to enable the certificate validation. |
| CC_SSL_INSECURE: false | The most secure setting where the communication between Backup Proxy and CloudCache uses SSL and the CloudCache certificate is verified. |

  3. Restart the Backup Proxy service with the following command:
    service phoenix restart

CloudCache configuration

Before you begin, take note of the path where you saved the certificate and the key file. See Prerequisites.

Log in to the CloudCache server, open a terminal, and follow these steps:

  1. Open the following file in any editor:

/etc/Druva/EnterpriseWorkloads/Config.yaml

The content of this file will be as follows:

    info:
        id: 150
        state: CacheClientConfigured
        type: ""
    tunables:
        max_parallel_puts: 500
        memory_limit: 0
        server_certificate: ""
        server_private_key: ""

  2. Locate the following lines in this file:
    server_certificate:
    server_private_key:

  3. Enter the complete path of the certificate file and key as follows:
    server_certificate: /full/path/to/certificate.crt
    server_private_key: /full/path/to/private.key

  4. Finally, save the configuration file and restart the CloudCache service as follows:
    service Druva-EnterpriseWorkloads restart
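
Before restarting the CloudCache service, the edited settings can be checked with a short script. This is an added example, not Druva's code: the function names are hypothetical, it assumes the `tunables` layout shown above, and the key-permission check is an added precaution that this page does not describe.

```python
"""Check the CloudCache TLS settings in Config.yaml before a restart (added example)."""
import os
import ssl
import stat

def read_tunables(text):
    """Return the key/value pairs under 'tunables:' in the layout shown above."""
    values, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # top-level key such as 'info:' or 'tunables:'
            inside = line.strip() == "tunables:"
        elif inside:
            key, _, value = line.strip().partition(":")
            values[key.strip()] = value.strip().strip("\"'")
    return values

def check_tls_settings(config_text):
    """Return a list of problems; an empty list means the pair is usable."""
    tun = read_tunables(config_text)
    cert = tun.get("server_certificate", "")
    key = tun.get("server_private_key", "")
    problems = []
    for name, path in (("server_certificate", cert), ("server_private_key", key)):
        if not path:
            problems.append(f"{name} is empty")
        elif not os.path.isabs(path):
            problems.append(f"{name} is not a complete path: {path}")
        elif not os.path.isfile(path):
            problems.append(f"{name} file not found: {path}")
    if problems:
        return problems
    # Added precaution (not from the page): only the owner should reach the key.
    if os.stat(key).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"private key is accessible to group or other: {key}")
    try:
        # Raises ssl.SSLError if a file is not valid PEM or the key does not match.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except ssl.SSLError as exc:
        problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems

if __name__ == "__main__":
    with open("/etc/Druva/EnterpriseWorkloads/Config.yaml") as fh:
        for problem in check_tls_settings(fh.read()):
            print("PROBLEM:", problem)
```

Run it on the CloudCache server after saving the file; no output means the certificate and key paths resolve and the two files load as a matching pair.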
