Modifying the SSL Certificates used by PCFDev

PCFDev allows developers and operators to run Pivotal Cloud Foundry in a single VM on their own machines. It is deployed as a Vagrant image with many sensible defaults. These include a single wildcard domain, *.local.pcfdev.io, and a single self-signed SSL certificate for use with that domain. But what if I wanted to use other wildcard domains and certificates?

PCFDev does not take advantage of a local load balancer, so you only need to update the SSL certificates used by the gorouter. Since PCFDev uses Vagrant, ssh into the running VM with vagrant ssh and use the openssl tool to generate your new certificates. The following steps also move the original certs into a backup directory in case you want to switch back to the defaults.


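# Become root inside the VM (after vagrant ssh)
sudo su -
cd /var/vcap/jobs/gorouter/config
# Back up the default certificate and key
mkdir -p bak
mv *.pem ./bak
# Fetch the OpenSSL config used for the new certificate
wget https://gist.githubusercontent.com/dave-malone/c4eb740c96b425098dd3c5f82117b7c4/raw/2d50094c9b502c8b580cf24ab49d9a4ef0e44312/temp.cnf
# Generate a P-256 EC private key
openssl ecparam -genkey -out key.pem -name prime256v1
# Create a self-signed certificate using the server_req_extensions section of temp.cnf
openssl req -x509 -new -key key.pem -out cert.pem -extensions server_req_extensions -config temp.cnf
# Restart gorouter so it loads the new key and certificate
monit restart gorouter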
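
A check worth running between generating cert.pem and restarting gorouter, as an added example that is not part of the original post: it confirms the certificate carries the key's public key and lists the intended wildcard as a SAN. The config contents, the domain *.apps.example.test and the function names are assumptions; the gist's temp.cnf is not reproduced here.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a replacement gorouter key/cert pair before restart.

# check_cert_pair KEY CERT DOMAIN
# Returns 0 only if CERT carries KEY's public key and lists DOMAIN as a DNS SAN.
check_cert_pair() {
  local key="$1" cert="$2" domain="$3" key_pub cert_pub
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
  if [ "$key_pub" != "$cert_pub" ]; then
    echo "key does not match certificate" >&2; return 1
  fi
  # Split the SAN line on commas and require an exact entry, not a substring.
  if ! openssl x509 -in "$cert" -noout -text | tr ',' '\n' \
      | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$domain"; then
    echo "no SAN entry for $domain" >&2; return 1
  fi
}

# make_demo_pair DIR: write a constructed config and throwaway keys into DIR.
# The domain and config contents are assumptions, not the gist's temp.cnf.
make_demo_pair() {
  local dir="$1"
  cat > "$dir/temp.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
CN = *.apps.example.test
[ server_req_extensions ]
subjectAltName = DNS:*.apps.example.test
EOF
  openssl ecparam -genkey -out "$dir/key.pem" -name prime256v1 2>/dev/null &&
  openssl ecparam -genkey -out "$dir/other.pem" -name prime256v1 2>/dev/null &&
  openssl req -x509 -new -key "$dir/key.pem" -out "$dir/cert.pem" \
    -extensions server_req_extensions -config "$dir/temp.cnf" 2>/dev/null
}

dir=$(mktemp -d)
make_demo_pair "$dir"
check_cert_pair "$dir/key.pem" "$dir/cert.pem" '*.apps.example.test' \
  && echo "pair is consistent; safe to restart gorouter"
check_cert_pair "$dir/other.pem" "$dir/cert.pem" '*.apps.example.test' \
  || echo "mismatched key rejected"
rm -rf "$dir"
```

On the PCFDev VM the same function can be pointed at the real files, for example check_cert_pair key.pem cert.pem with your own wildcard domain, before running monit restart gorouter.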
