NXLog search
Let's talk Start free
Let's talk Start free
1.05

Upload a custom CA certificate to NXLog Platform

By default, NXLog Platform uses a self-signed Certificate Authority (CA) certificate to generate and sign agent certificates. You can configure NXLog Platform to use a custom CA certificate by following the steps below.

  1. Follow the steps to Generate an API token with full access permissions. Take note of the API token.

  2. Copy the custom CA certificate and private key to the /tmp folder on the NXLog Platform machine.

  3. Copy the following script to the /tmp folder.

    #!/usr/bin/bash

NXLOG_API_TOKEN="<API_TOKEN>" (1)
CA_CERT_PATH="/tmp/ca-cert.pem" (2)
CA_KEY_PATH="/tmp/ca-key.pem" (3)

# Decode the JWT token
payload=$(echo "$NXLOG_API_TOKEN" | cut -d '.' -f2 | base64 -d 2>/dev/null)

# Check if decoding was successful
if [ -z "$payload" ]; then
    echo "Failed to decode JWT token."
        exit 1
	fi

# Extract the "iss" and "org_id" values using awk
iss=$(echo "$payload" | awk -F '"' '/"iss"/ {print $4}')
org_id=$(echo "$payload" | awk -F '"' '/"org_id"/ {print $24}')

# Replace "auth" with "agents" in the "iss" value
agents_url=$(echo "$iss" | sed 's/auth/agents/')

# Construct the main URL
api_url="https://$agents_url/api/$org_id/api/v1"

mgr_CA=$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' $CA_CERT_PATH)
mgr_CA_key=$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' $CA_KEY_PATH)
resp=$(curl -kisSX POST "$api_url/ca" -d '{"cert-pem": "'"$mgr_CA"'", "key-pem": "'"$mgr_CA_key"'"}' -H "Authorization: Bearer $NXLOG_API_TOKEN" )

if [[ ! $resp =~ 204 ]]
then
  echo -e "\nThere was an error importing CA into Vault of Platform:\n $resp"
    exit
    fi
    echo "Successfully imported CA into Vault of NXLog Platform!"
    echo "================================================================================"
    1 Replace <API_TOKEN> with the API token you generated in step 1.
    2 Replace ca-cert.pem with your CA certificate filename.
    3 Replace ca-key.pem with your private key filename.

  4. Execute the script to update the CA certificate and private key in NXLog Platform.

  5. Update the Remote Management (xm_admin) instance in your agent configurations with the following directives:

    AllowUntrusted    TRUE
RequireCert       FALSE

  6. From NXLog Platform, navigate to Agents and select all agents.

    NXLog Platform - select all agents

  7. Click Operations and select Renew Certificate.

    NXLog Platform - renew agent certificates

  8. Repeat the last two steps, but this time select Update Configuration.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS