Replace certificate for Open Policy Agent (OPA)

To renew OPA certificate, perform the following steps:

1. In Admin manager go to Settings → Certificates → Service Credentials → Others tab

   

2. Click on Renew button for OPA

3. Optional - save the generated zip file

4. To apply the new certificate go to Tools → Infrastructure → Nodes

   

5. On the Agent Actions section on the right hand side expand the OPA category

6. Run the command “change opa cert”

   

7. On the displayed pop-up, select the webapp nodes where the certificate will be changed

   

8. Click on Run button

9. If the execution is successful, each webapp node that was selected above will turn green having the action Id “changeOpaCert”

10. If the execution is not successful, each webapp node where the command failed will turn red. To check the logs for the execution click on the View icon for a node and view the list of all executions .

11. To check one log entry, click on the view icon for the respective line

    

Alternative method to change the OPA certificate

This method represents the server-side version of the steps above. If the procedure above was performed, the below steps should not be done.

1. perform steps 1->3 from above procedure

2. copy the zip file from your computer to the server where OPA service is installed

   1. CODE

      scp opa-cert.zip veridiumid@<IP_ADDRESS>:/home/veridiumid

3. ssh into the server where OPA service is installed:

   1. CODE

      ssh veridiumid@<IP_ADDRESS>

4. execute the following

   1. CODE

      sudo /opt/veridiumid/opa/bin/config-opa.sh -c /home/veridiumid/opa-cert.zip