Rotating Database Application Certificates?

Question

Rotating Database Application Certificates?

joesypula opened this issue 4 years ago · comments

Hello,

I have just updated my AWS RDS MySQL 5.6.41 Certificate.

I was hoping to get some guidance on how to update the GRR application so it can use the new database cert.

Do all components, ie Worker, admin, frontend need to be re-configured to use the new cert? If so ,is there any documentation on how to do this? I see the grr_config_updater rotate_server_key command, but am unsure if I need to run this on all components.

Thank you

Max Vogler · Answer 1 · Thu Mar 12 2020 18:27:15 GMT+0800 (China Standard Time)

grr_config_updater rotate_server_key is unrelated. If I understand correctly, you rotated the TLS certificate that is used by GRR to connect to your MySQL instance?

Update the GRR configuration to point to the new certificate if needed, then a restart of all GRR components (AdminUI, Worker, Frontend) should be enough to make GRR load and use the new certificate.

____ · Answer 2 · Fri Mar 13 2020 00:56:16 GMT+0800 (China Standard Time)

Thank for the response. Yes I updated the database cert and just want to make sure all grr components are connecting to the database correctly. Thank you!

…

On Thu, Mar 12, 2020 at 3:27 AM Max Vogler ***@***.***> wrote: grr_config_updater rotate_server_key is unrelated. If I understand correctly, you rotated the TLS certificate that is used by GRR to connect to your MySQL instance? Update the GRR configuration to point to the new certificate if needed, then a restart of all GRR components (AdminUI, Worker, Frontend) should be enough to make GRR load and use the new certificate. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#763 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AHHLVTGARBKXZJFWTHFZ5CDRHC2JDANCNFSM4LFJJFMA> .