Version: 31.1.0

Enable TLS Secured Communication

danger

This feature is not fully released yet!

We strongly recommend testing this feature in test environments only. Do not deploy it to production environments yet.

Currently Supported Data Services

  • a9s Messaging
  • a9s PostgreSQL
  • a9s Redis
  • a9s LogMe
  • a9s MongoDB
  • a9s MySQL
  • a9s PG (postgresql-backup-endpoint only)

New Data Services


We have created Ops-files to insert all BOSH properties and TLS certificates to the respective data service deployment manifest.

To switch the manifest from plain-text (HTTP) requests to TLS-secured (HTTPS) ones, you only need to apply the Ops-file when deploying the Data Service.

The default duration for the TLS certificates is 365 days. If you don't want to rotate the certificates every 365 days, you can increase the duration in the Ops-files.

Example:

# a9s Messaging
bosh deploy rabbitmq-service/rabbitmq-service.yml -o ops/tls_configurations/a9s-messaging/add_certificates_and_properties.yml

# a9s PostgreSQL
bosh deploy postgresql-service/postgresql-service.yml -o ops/tls_configurations/a9s-postgresql/add_certificates_and_properties.yml
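
Because the certificates expire after the configured duration (365 days by default), it helps to check how close a deployed certificate is to expiry before rotation becomes urgent. The following check is an added example, not part of the a9s Ops-files or tooling; the function names, the 30-day warning window and the sample certificate are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: rotation check for a PEM-encoded certificate.
# Function names, thresholds and the sample certificate are constructed
# for illustration and do not come from the a9s Ops-files.

# rotation_status PEM_FILE [WARN_DAYS]
# Prints one of: ok | rotate-soon | expired | unreadable
rotation_status() {
    pem=$1
    warn_days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo rotate-soon
    else
        echo ok
    fi
}

# make_sample_cert OUT_PEM DAYS
# Creates a constructed self-signed certificate so the check runs offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed.example.internal" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1 && rm -f "$1.key"
}

# Demo: a certificate issued with the 365-day default duration.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/sample.pem" 365
echo "30-day window:  $(rotation_status "$demo_dir/sample.pem" 30)"
echo "400-day window: $(rotation_status "$demo_dir/sample.pem" 400)"
rm -rf "$demo_dir"
```

Run `rotation_status` from a scheduled job against the certificate files you export from your deployment, and alert on anything other than `ok`.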

Existing Data Services


If you already have existing Data Services, you can apply the corresponding Ops-file as described above. Keep in mind, however, that this Ops-file overwrites specific BOSH properties with placeholders.

In this case, you must deploy the new Data Service manifest with the parameter -l. This parameter lets you provide the IaaS config (anynines-deployment/config/iaas-config.yml.example), which supplies the values for these placeholders:

bosh -d [Deployment_Name] deploy [Deployment_Manifest] -l [Path_to_IaaS_config] --no-redact

Please refer to the configuration for further instructions.