
Apache Driver Highlight & Configuration Guide

Features:

  • Apache application objects provision PEM-format certificate files
  • Apache application objects are file-system-level drivers and do not interact with the host's Apache configuration (certificate files are replaced in the file system, but a workflow is required to inject the httpd restart command and any similar commands)
  • Apache application objects provide SSL/TLS and installation validation (SSL/TLS handshake and file-system-level validation)
  • Supports storage of private keys in TPP's database (software) or an HSM (hardware)

Gotchas:

  • TPP requires virtual hosts to have dedicated IP addresses
  • The private key file provisioned by TPP is encrypted (this requires additional configuration or automation on the Apache host)

Pre-requisite Configuration (Apache Host):

  • Apache installed and configured, with the SSL port open (443 by default)
  • mod_ssl and OpenSSL installed and configured, with the SSH port open (22 by default)
  • SSL service account needs read and write access to the certificate, private key, and root certificate chain paths
  • SSL service account needs read and write access to the temp path

TPP Configuration:

  • Device credential object creation (username credential object for Apache host service account):

device_credential.png

  • Device object creation (represents Apache host):

device_object.png

  • Private key credential object creation (password credential object for private key passphrase):

private_key_passphrase.png

  • Application object creation (represents Apache application on Apache host):

application_object.png

  • Certificate object creation -or- importing of existing certificate/key:

certificate_object.png

  • Association of certificate object with application object (binds certificate to application):

certificate_association.png

  • Reason code creation (required for workflow):

reason_code.png

  • Workflow creation (uses command injection to restart Apache application on Apache host at stage 1100):

workflow.png

  • Workflow assignment to policy (enables Apache restart workflow):

workflow_assign.png

  • Renewal of certificate object (if required):

certificate_renewal.png

  • Pushing renewed certificate to application (provisions certificate to Apache host):

certificate_push.png

  • Validate installation and Apache reboot by comparing thumbprints in TPP vs web browser:

thumbprint_tpp.png

thumbprint_browser.png
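
The thumbprint comparison in the last step can also be scripted. The following is an added example, not part of the original article or of TPP: it computes the thumbprint of the provisioned PEM file and of the certificate Apache actually serves, and flags the case where the file was replaced but httpd was not restarted. The function names, the SHA-1 default (pass `algo="sha256"` if the thumbprint you compare against is SHA-256) and the assumption that the leaf certificate comes first in the PEM file are choices made for this example.

```python
import hashlib
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def normalize(thumbprint):
    """Make 'ab:cd ef' and 'ABCDEF' compare equal."""
    return "".join(c for c in thumbprint if c.isalnum()).upper()


def thumbprint_of_der(der, algo="sha1"):
    return hashlib.new(algo, der).hexdigest().upper()


def thumbprint_of_pem(pem_text, algo="sha1"):
    """Thumbprint of the first certificate in a PEM file (assumed to be the leaf)."""
    start = pem_text.index(PEM_BEGIN)
    end = pem_text.index(PEM_END, start) + len(PEM_END)
    return thumbprint_of_der(ssl.PEM_cert_to_DER_cert(pem_text[start:end]), algo)


def served_thumbprint(host, port=443, algo="sha1", timeout=5.0):
    """Thumbprint of the certificate Apache presents in the TLS handshake."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: the certificate is accepted or
    # rejected only by comparing its thumbprint with the value from TPP.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return thumbprint_of_der(tls.getpeercert(binary_form=True), algo)


def check(expected, served, on_disk):
    expected, served, on_disk = map(normalize, (expected, served, on_disk))
    return {
        "file_matches_tpp": on_disk == expected,
        "served_matches_tpp": served == expected,
        # New file on disk but old certificate on the wire: httpd not restarted.
        "restart_pending": on_disk == expected and served != expected,
    }


if __name__ == "__main__":
    # Constructed bytes standing in for DER certificates; not real certificates.
    new, old = b"constructed renewed cert", b"constructed previous cert"
    on_disk = thumbprint_of_pem(ssl.DER_cert_to_PEM_cert(new))
    print(check(thumbprint_of_der(new), thumbprint_of_der(old), on_disk))
```

Against a real host, pass the thumbprint shown in TPP as `expected`, the result of `served_thumbprint(host)` as `served`, and `thumbprint_of_pem()` of the provisioned certificate file as `on_disk`.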
