HCL-TECH-SOFTWARE / connections-automation

Deployment and upgrade automation scripts for HCL Connections 7.0 based on Ansible
Apache License 2.0

haproxy ssl certificate not imported to Websphere Truststore #239

Closed stoeps13 closed 1 year ago

stoeps13 commented 1 year ago

Since the update to Connections 8 the SSL certificate of HAProxy is not imported to Dmgr SSL certificate trust store!

Without this import, Connections is not loading at all. This is quite painful because the HAProxy certificate gets regenerated on each CP playbook run. I would ask for checking if the certificate is valid for more than 90 days and then just keeping the used SSL keys.
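
One way to implement the check requested above, as an added example that is not part of the original issue or the project's playbooks: a shell guard that keeps an existing certificate and key when the certificate is valid for more than 90 days and the key still matches it, and issues a new self-signed pair otherwise. The function names, file paths, CN and lifetime are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not project code). Paths, CN and lifetime are hypothetical.
MIN_DAYS=90

# Return 0 if the certificate at $1 is still valid $2 days from now.
cert_valid_long_enough() {
  local cert="$1" days="${2:-$MIN_DAYS}"
  [ -s "$cert" ] || return 1
  # -checkend exits non-zero when the cert expires within the given seconds.
  openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Return 0 if the private key at $2 belongs to the certificate at $1.
key_matches_cert() {
  local cert="$1" key="$2" cert_pub key_pub
  [ -s "$key" ] || return 1
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Keep the pair when it is usable; otherwise create a new self-signed one.
# Prints "kept" or "regenerated" so the caller knows whether any trust
# store that holds the old certificate has to be updated.
ensure_cert() {
  local cert="$1" key="$2" cn="$3" lifetime="${4:-365}"
  if cert_valid_long_enough "$cert" && key_matches_cert "$cert" "$key"; then
    echo kept
    return 0
  fi
  openssl req -x509 -newkey rsa:2048 -nodes -days "$lifetime" \
    -subj "/CN=$cn" -keyout "$key" -out "$cert" >/dev/null 2>&1 || return 1
  echo regenerated
}
```

A caller would run the trust store import only when `ensure_cert` prints `regenerated`.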

sabrina-yee commented 1 year ago

I don't believe we import/re-import the HAProxy cert to the Dmgr trust store, only the NGINX and IHS ones as part of the connections-post-install.yml playbook. Was this playbook run at the end of the deployment?

https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/95e1e2fc53ee8c6306a6ae28ccc0fe228df57d37/roles/third_party/ibm/wasnd/was-dmgr-config-sso-update/tasks/config_sso.yml#L24-L36

stoeps13 commented 1 year ago

Hi, yes, you're right, the nginx certificate is not deleted.

My last command is the playbook setup-component-pack-complete-harbor.yml, which recreated the nginx certs and in the end restarts WebSphere, but does not import SSL certs.

So I add the role you mentioned there. Thanks

stoeps13 commented 1 year ago

Solved, when rerunning the post install role