Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Editorial

This article describes additional tasks to upgrade Protocol Gateway from version 8.0.x or earlier. For the full upgrade instruction, see Upgrade Protocol Gateway.


Expandall

Prerequisites

Expand
titlePrerequisites

The following prerequisites apply:

Step-by-step instruction

The following configurations are done in configuration files in <configroot>

Expand
titleAbout <configroot>
Excerpt Include
NDWM:Configuration files in Protocol GatewayNDWM:
Configuration files in Protocol Gateway
nopaneltrue


Excerpt


Expand
titleConfigure Protocol Gateway properties

Protocol Gateway has gained the ability to send metrics to InfluxDB. To be able to use this feature, do the following updates:

  1. Open the file <configroot>/cm-gateway.properties for editing. 
  2. Add the following lines after the setting for cmhost:

    Code Block
    titleExample: cm-gateway.properties
    # CM-Connections is the maximum amount of concurrent officer connections to CF
    # to allocate to the officer pool.
    cmconnections = 20


  3. Add the following lines at the end of the file:

    Code Block
    titleExample: cm-gateway.properties
    #= Metrics reporter
    #
    # metrics.influxdb.url - If non-empty, PGW will report metrics to an
    # InfluxDB database at this URL.
    #
    #metrics.influxdb.url = http://localhost:8086
    # metrics.influxdb.user - The user name to be used when reporting metrics
    # to InfluxDB.
    #
    #metrics.influxdb.user =
    # metrics.influxdb.password - The password to be used when reporting
    # metrics to InfluxDB.
    #
    #metrics.influxdb.password =
    # metrics.influxdb.dbname - The InfluxDB database name where metrics will
    # be stored. The database must already exist in InfluxDB. Defaults to
    # "cm_metrics" if not specified.
    #
    #metrics.influxdb.dbname = cm_metrics
    # metrics.influxdb.interval - How often metrics should be sent to
    # InfluxDB (in seconds). Defaults to 30s if not specified.
    #
    #metrics.influxdb.interval = 30


  4. Save the file. 


Expand
titleConfigure REST API

The REST API configuration has been extended with additional endpoints. To be able to use the latest features, do the following updates:

  1. Open the file <configroot>/api.properties for editing. 
  2. Add the following lines at the end of the file:

    Code Block
    titleExample: api.properties
    # Registration Endpoints
    # HTTP GET: search
    # HTTP POST: create
    # HTTP PUT: edit
    # registrations/{procid}
    handler.60.filter = registrations/[a-z0-9A-Z\- ]+
    handler.60.format = api/registrations-list
    handler.60.getformat = api/registrations-list
    handler.60.postformat = api/registrations-create
    handler.60.putformat = api/registrations-update
    # registrations/{procid}/{protocol}
    handler.61.filter = registrations/[a-z0-9A-Z\- ]+/(?i)(est|acme|cmp|scep)
    handler.61.format = api/registrations-list-protocol
    handler.61.getformat = api/registrations-list-protocol
    handler.61.postformat = api/registrations-create-protocol
    handler.61.putformat = api/registrations-update-protocol
    # registrations/certificate/{certid}
    handler.62.filter = registrations/certificate/[0-9]+
    handler.62.format = api/registrations-get-certid
    ################
    # ACME Endpoints
    # registrations/{procid}/acme/accounts
    handler.70.filter = registrations/[a-z0-9A-Z\- ]+/acme/accounts
    handler.70.format = api/registrations-list-acme-accounts


  3. Save the file.


Expand
titleConfigure EST

The EST configuration has been extended with additional options. To be able to use the latest features, do the following updates:

  1. Open the file <configroot>/est.properties for editing. 
  2. Replace the description of the parameters to the following:

    Code Block
    titleExample: est.properties
    #- Parameters
    #
    # filter - contains a filter for the handler part of the URL
    # specified as a regular expression. NOTE: If using the CoAP proxy,
    # regular expressions in the filters are not supported.
    #
    # format - contains the name of a format definition file. For regular
    # EST the format definition files with the prefix 'est-' should be used. For
    # EST over CoAPs the files with the prefix 'estcoaps-' should be used instead.
    #
    # tokenprocedure - contains the description or id of a token procedure
    # in the CM server.
    #
    # ra.keyfile - is the token to sign the fullcmc responses.
    # Not required if fullcmc is disabled.
    #
    # ra.password - is the password to the keyfile. It is recommended to
    # obfuscate sensitive data with .encrypted.
    #
    # requiredRoRoles - optional, contains a space or comma separated list
    # of required Registration Officer roles. This requires client
    # authentication to be enabled in Tomcat, and verifies that the
    # client certificate is an officer. If the role "none" is entered,
    # the client certificate must be issued by CM but does not need to
    # be an officer. "/cacerts" must not be protected behind client
    # authentication, and therefore no default role should be set.
    #
    # authtype - optional, enables HTTP Basic/Digest authentication by
    # specificing the desired authentication type. May only be set
    # for filters simpleenroll and simplereenroll.
    # Example:
    # handler.<n>.authtype = Basic
    # handler.<n>.authtype = Digest
    #
    # realm - required if authtype is set, may be empty. Determines which
    # realm the login should occur on. Can only be set for filters
    # simpleenroll and simplereenroll.
    #
    # qop - optional, determines the quality of protection used with
    # Digest authentication. Valid value is 'auth'. If not specified
    # then no Quality of Protection will be required.


  3. Save the file.



Related information