From f3ef897ff88d1950d88a4e177b9a7ab47d627920 Mon Sep 17 00:00:00 2001 From: "sam.abley" Date: Tue, 21 Nov 2023 14:59:39 +0000 Subject: [PATCH] updated properties --- .../install-application-and-loadbalancer-servers.md | 2 +- .../install-application-server.md | 2 +- .../advanced/advanced-config-changes.md | 10 +++++----- .../advanced/rollover-certificates.md | 12 +++++++----- .../install-application-and-loadbalancer-servers.md | 2 +- .../install-application-server.md | 2 +- 6 files changed, 16 insertions(+), 14 deletions(-) diff --git a/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/multiple-server-with-ha/install-application-and-loadbalancer-servers.md b/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/multiple-server-with-ha/install-application-and-loadbalancer-servers.md index c359884a2..e6ebd5ecb 100644 --- a/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/multiple-server-with-ha/install-application-and-loadbalancer-servers.md +++ b/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/multiple-server-with-ha/install-application-and-loadbalancer-servers.md @@ -223,7 +223,7 @@ To check all necessary ports are free, follow these steps: |`AppServicesPath` | Configure this value with the location of the Application Services zip file on the Application Server used for installation. | |`BlockPackagesPath` | Configure this value with the location of the Block Packages zip file on the Application Server used for installation. | |`ApiGatewayBasicAuthUsername` | Configure this value with a username that can be used to make HTTPS requests to the API Gateway Service using Basic Authentication (e.g. starting flows). This username will be used by Gateway for all HTTPS requests to the API Gateway Service.

For security reasons it is recommended that the default value `BasicAuthUser` should be changed.

This value will be needed [later, when upgrading Gateway][Upgrade Gateway].

This username can also be used by external services for HTTPS requests to the API Gateway Service but is not recommended; these requests should use an OAuth2 session for an authorised Active Directory user.{{< alert type="note" title="Note" >}} This field can be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| - |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

This value will be needed [later, when upgrading Gateway][Upgrade Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| + |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

For security reasons it is recommended that the default value should be changed.

This value will be needed [later, when upgrading Gateway][Upgrade Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |`CustomerName` | A name identifying the platform being installed. This must have no spaces or symbols. It will be appended to the node names that are displayed in Service Fabric Explorer. | |`ApplicationServerIPv4Addresses` | The IPv4 addresses of the Application Servers. The first of these must be the Application Server used for installation. | |`LoadBalancerServerIPv4Address` | The IPv4 address of the Load Balancer Server. This is only needed if using the built-in load balancer. | diff --git a/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/single-server-without-ha/install-application-server.md b/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/single-server-without-ha/install-application-server.md index 083474db2..7873e21ea 100644 --- a/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/single-server-without-ha/install-application-server.md +++ b/content/en/docs/2023.11/getting-started/on-premise/add-innovation-to-72/single-server-without-ha/install-application-server.md @@ -176,7 +176,7 @@ To check all necessary ports are free, follow these steps: |`AppServicesPath` | Configure this value with the location of the App Services zip file on the server. | |`BlockPackagesPath` | Configure this value with the location of the Block Packages zip file on the server. | |`ApiGatewayBasicAuthUsername` | Configure this value with a username that can be used to make HTTPS requests to the API Gateway Service using Basic Authentication (e.g. starting flows). This username will be used by Gateway for all HTTPS requests to the API Gateway Service.

For security reasons it is recommended that the default value `BasicAuthUser` should be changed.

This value will be needed [later, when upgrading Gateway][Upgrade Gateway].

This username can also be used by external services for HTTPS requests to the API Gateway Service but is not recommended; these requests should use an OAuth2 session for an authorised Active Directory user.{{< alert type="note" title="Note" >}} This field can be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| - |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

This value will be needed [later, when upgrading Gateway][Upgrade Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| + |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

For security reasons it is recommended that the default value should be changed.

This value will be needed [later, when upgrading Gateway][Upgrade Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |`CustomerName` | A name identifying the platform being installed. This must have no spaces or symbols. It will be appended to the node names that are displayed in Service Fabric Explorer. | |`ApplicationServerIPv4Addresses` | The IPv4 address of the server.| |`ServerCertificatePath` | The local path of a .PFX certificate file on the server. Environment variables cannot be used.

This is only needed if installing with CA Certificates (Recommended). The certificate should meet the [Certificate Requirements][].

This certificate will be used for: {{< alert type="warning" title="Warning" >}}It is critical to set a reminder to {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.RolloverCertificates" title="update certificates" >}} in good time before they expire. If they expire then the platform will cease to function and {{< ahref path="Cortex.ServicePortal.MainDoc" title="CORTEX Service Portal" >}} must be contacted for support.{{< /alert >}}| diff --git a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/advanced-config-changes.md b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/advanced-config-changes.md index 8f3e6ccba..9d85063fd 100644 --- a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/advanced-config-changes.md +++ b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/advanced-config-changes.md @@ -87,14 +87,14 @@ Advanced configuration (such as port changes) can be undertaken by taking the fo "serverCertificates": { "serverCert": { "pfxCertificatePath": "C:\\Certificates\\wildCardCert.pfx", - "pfxCertificatePassword": "pfxPassword", + "pfxCertificatePassword": "#_121004188127116!133150189159197057145221234081254~237141201182240!228132117152122101166250091035249#", "pemRootCertificatePath": "" } }, "adminCertificates": { "loadBalancerCert": { "pfxCertificatePath": "C:\\Certificates\\lbCert.pfx", - "pfxCertificatePassword": "pfxPassword", + "pfxCertificatePassword": "#_121004188127116!133150189159197057145221234081254~237141201182240!228132117152122101166250091035249#", "pemRootCertificatePath": "" } } @@ -120,7 +120,7 @@ Advanced configuration (such as port changes) can be undertaken by taking the fo |75 |The password used to secure the .PFX file.| |76 |This only needs to be used if the installation has failed due to a missing root certificate. See [Troubleshooting Root Certificate Error] for information.| |81 |This is the local path of a .PFX certificate file on the first Application Server, containing a full chain certificate with private key. Ensure that all backslashes are escaped with another backslash. Environment variables cannot be used. | - |82 |The password used to secure the .PFX file.| + |82 |The password used to secure the .PFX file.{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |83 |This only needs to be used if the installation has failed due to a missing root certificate. See [Troubleshooting Root Certificate Error] for information.| 1. Save and close the config file. @@ -179,7 +179,7 @@ Advanced configuration (such as port changes) can be undertaken by taking the fo "serverCertificates": { "serverCert": { "pfxCertificatePath": "C:\\Certificates\\wildCardCert.pfx", - "pfxCertificatePassword": "pfxPassword", + "pfxCertificatePassword": "#_121004188127116!133150189159197057145221234081254~237141201182240!228132117152122101166250091035249#", "pemRootCertificatePath": "" } } @@ -195,7 +195,7 @@ Advanced configuration (such as port changes) can be undertaken by taking the fo |27 | The name of a certificate entry in the serverCertificates section. If this line is removed, an auto-generated self-signed certificate will be used. Self-signed certificates are not recommended for production systems.| |48-50 | Skip configuring these lines if self-signed certificates are being used. | |48 |This is the local path of a .PFX certificate file on the server, containing a full chain certificate with private key. Ensure that all backslashes are escaped with another backslash. Environment variables cannot be used. | - |49 |The password used to secure the .PFX file.| + |49 |The password used to secure the .PFX file. {{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |50 |This only needs to be used if the installation has failed due to a missing root certificate. See [Troubleshooting Root Certificate Error] for information.| 1. Save and close the config file. diff --git a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/rollover-certificates.md b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/rollover-certificates.md index b9bb519ab..740f77b6a 100644 --- a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/rollover-certificates.md +++ b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/advanced/rollover-certificates.md @@ -47,26 +47,28 @@ If required, a separate X.509 SSL certificate can be obtained to be used by the {{< tab header="Multiple Servers with HA" >}} .\Cortex.Update.Certificates.ps1 -ConfigFileName Cortex.Innovation.Install.Config.json ` -ServerCertificatePath "C:\Install\Certificates\cert.pfx" ` - -ServerCertificatePassword "myPassword" ` + -ServerCertificatePassword "#_173143083161001!153134111116076231173085078170111~219102086228187!128017006016134019248042194172107#" ` -ClientCertificatePath "C:\Install\Certificates\cert.pfx" ` - -ClientCertificatePassword "myPassword" ` + -ClientCertificatePassword "#_173143083161001!153134111116076231173085078170111~219102086228187!128017006016134019248042194172107#" ` -Credential $Credential {{< /tab >}} {{< tab header="Single Server without HA" >}} .\Cortex.Update.Certificates.ps1 -ConfigFileName Cortex.Innovation.Install.Config.json ` -ServerCertificatePath "C:\Install\Certificates\cert.pfx" ` - -ServerCertificatePassword "myPassword" ` + -ServerCertificatePassword "#_173143083161001!153134111116076231173085078170111~219102086228187!128017006016134019248042194172107#" ` -SkipLoadBalancer ` -Credential $Credential {{< /tab >}} {{< /tabpane >}} + {{< alert type="note" title="Note" >}}For security reasons the fields that are required to be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}} should be created on a server that has the `Encryption Key` set from {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.SingleServerWithoutHA.EncryptionKeyRequirements" title="Encryption Key Requirements" >}}.{{< /alert >}} + | Name | Description | |----------------------------------------------|-------------| |`ServerCertificatePath` | The local path of a new, valid .PFX certificate file on the server. Environment variables cannot be used.

The certificate should meet the [Certificate Requirements][].

This certificate will be used for: | - |`ServerCertificatePassword` | The password for the .PFX certificate file specified in `ServerCertificatePath`.| + |`ServerCertificatePassword` | The password for the .PFX certificate file specified in `ServerCertificatePath`.{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |`ClientCertificatePath` | The local path of a .PFX certificate file on the first Application Server in the `ApplicationServerIPv4Addresses` list. This can be the same certificate as the `ServerCertificatePath`. Environment variables cannot be used.

This is only needed if installing with CA Certificates (Recommended) and using the Built-In Load Balancer. The certificate should meet the [Certificate Requirements][].

This certificate will be used for: | - |`ClientCertificatePassword` | The password for the .PFX certificate file specified in `ClientCertificatePath`.

This is only needed if using the Built-In Load Balancer. | + |`ClientCertificatePassword` | The password for the .PFX certificate file specified in `ClientCertificatePath`.

This is only needed if using the Built-In Load Balancer. {{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |`SkipLoadBalancer` | Updates certificates without updating a load balancer. | |`Credential` | The credentials of the user which will be used to perform remote operations on the server. It must be a domain user that is a member of the local Administrators group on the server.

This does not need to be changed, a prompt will appear to enter this information when the script is run. | diff --git a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/multiple-server-with-ha/install-application-and-loadbalancer-servers.md b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/multiple-server-with-ha/install-application-and-loadbalancer-servers.md index 461d161b7..4f2497bc7 100644 --- a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/multiple-server-with-ha/install-application-and-loadbalancer-servers.md +++ b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/multiple-server-with-ha/install-application-and-loadbalancer-servers.md @@ -223,7 +223,7 @@ To check all necessary ports are free, follow these steps: |`AppServicesPath` | Configure this value with the location of the Application Services zip file on the Application Server used for installation. | |`BlockPackagesPath` | Configure this value with the location of the Block Packages zip file on the Application Server used for installation. | |`ApiGatewayBasicAuthUsername` | Configure this value with a username that can be used to make HTTPS requests to the API Gateway Service using Basic Authentication (e.g. starting flows). This username will be used by Gateway for all HTTPS requests to the API Gateway Service.

For security reasons it is recommended that the default value `BasicAuthUser` should be changed.

This value will be needed [later, when installing Gateway][Install Gateway].

This username can also be used by external services for HTTPS requests to the API Gateway Service but is not recommended; these requests should use an OAuth2 session for an authorised Active Directory user.{{< alert type="note" title="Note" >}} This field can be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| - |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

This value will be needed [later, when installing Gateway][Install Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| + |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

For security reasons it is recommended that the default value should be changed.

This value will be needed [later, when installing Gateway][Install Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |`CustomerName` | A name identifying the platform being installed. This must have no spaces or symbols. It will be appended to the node names that are displayed in Service Fabric Explorer. | |`ApplicationServerIPv4Addresses` | The IPv4 addresses of the Application Servers. The first of these must be the Application Server used for installation. | |`LoadBalancerServerIPv4Address` | The IPv4 address of the Load Balancer Server. This is only needed if using the built-in load balancer. | diff --git a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/single-server-without-ha/install-application-server.md b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/single-server-without-ha/install-application-server.md index 5f1f6eab3..177f3d4b0 100644 --- a/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/single-server-without-ha/install-application-server.md +++ b/content/en/docs/2023.11/getting-started/on-premise/install-innovation-only/single-server-without-ha/install-application-server.md @@ -176,7 +176,7 @@ To check all necessary ports are free, follow these steps: |`AppServicesPath` | Configure this value with the location of the App Services zip file on the server. | |`BlockPackagesPath` | Configure this value with the location of the Block Packages zip file on the server. | |`ApiGatewayBasicAuthUsername` | Configure this value with a username that can be used to make HTTPS requests to the API Gateway Service using Basic Authentication (e.g. starting flows). This username will be used by Gateway for all HTTPS requests to the API Gateway Service.

For security reasons it is recommended that the default value `BasicAuthUser` should be changed.

This value will be needed [later, when installing Gateway][Install Gateway].

This username can also be used by external services for HTTPS requests to the API Gateway Service but is not recommended; these requests should use an OAuth2 session for an authorised Active Directory user.{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| - |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

This value will be needed [later, when installing Gateway][Install Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| + |`ApiGatewayBasicAuthPassword` | Configure this value with the password for the username specified for `ApiGatewayBasicAuthUsername`.

For security reasons it is recommended that the default value should be changed.

This value will be needed [later, when installing Gateway][Install Gateway].{{< alert type="note" title="Note" >}} This field must be {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.EncryptText" title="CORTEX Encrypted" >}}.{{< /alert >}}| |`CustomerName` | A name identifying the platform being installed. This must have no spaces or symbols. It will be appended to the node names that are displayed in Service Fabric Explorer. | |`ApplicationServerIPv4Addresses` | The IPv4 address of the server.| |`ServerCertificatePath` | The local path of a .PFX certificate file on the server. Environment variables cannot be used.

This is only needed if installing with CA Certificates (Recommended). The certificate should meet the [Certificate Requirements][].

This certificate will be used for: {{< alert type="warning" title="Warning" >}}It is critical to set a reminder to {{< ahref path="Cortex.GettingStarted.OnPremise.InstallInnovationOnly.Advanced.RolloverCertificates" title="update certificates" >}} in good time before they expire. If they expire then the platform will cease to function and {{< ahref path="Cortex.ServicePortal.MainDoc" title="CORTEX Service Portal" >}} must be contacted for support.{{< /alert >}}|