In the 4.9 release of the Vyopta Data Collector, you have the ability to use your own certificate for endpoints and CMS to send data to the collector.
All you need to do, is add in the following lines in your vyoptacollector.xml file. Assume the data collector's server has a FQDN of 'vyopta.customer.com' and a keystore called keystore.p12 with a keystore password of 'mypass', you would add the following properties
<property key="ssl.cert.domain">vyopta.customer.com</property>
<property key="ssl.cert.location">C:\Vyopta\keystore.p12</property>
<property key="ssl.cert.password">mypass</property>
Once you added the properties, you can restart your data collector.
The next step would be to open a web browser to https://your.collector.server:22181 and look at the certificate and see if the certificate is the one being supplied. If you are viewing your cert, you have successfully applied your custom cert to the data collector.
Please note - This is an advanced setting in Vyopta, and is not supported or recommended. If you choose to provide your own certificate to the data collector, you will need to self support any potential issues related to TLS and SNI. An example below is showing how the HTTP feedback port on an endpoint is not able to connect to the data collector due to SNI enforcement with the certificate.
If you run into issues like the above, our only recommendation is to use our default certificate thats provided in the Vyopta Data Collector, and not use a custom certificate.
Comments
Please sign in to leave a comment.