Disabling certificate checking for web applications

In certain contexts, it may be necessary to disable web certificate checking for web applications and reverse proxies.

Prerequisites

SSH or console access to the relevant Edge Gateway, with root superuser access.

Tip

The SFTP or SSH connection to the Edge Gateway can be initiated by a cyberelements.io or cyberelements Cleanroom SSH application.

Certificate checking is disabled in the Edge Gateway gateway.xml configuration file. This file is located in the /etc/ipdiva/gateway/ directory, or in any other /etc/ipdiva/gateway*/ directory if several instances are running in parallel (this is the case, for example, with a cluster architecture).

Change the value of the verify-cert tag contained in sslconf from true to false:

<session>
    <sslconf name="default">
        <ca-dir>/etc/ssl/certs</ca-dir>
        <verify-cert>false</verify-cert>
    </sslconf>
</session>

The Edge Gateway only takes the modified configuration file into account after a restart.

Warning!

Restarting the Edge Gateway interrupts the user sessions passing through that Edge Gateway.

Tip

The Edge Gateway is set by default to restart every day at 6:25 a.m. If the change is not urgent, it will be taken into account the next day.

To restart the main instance, the following command must be executed as root superuser:

/usr/local/ipdiva/gateway/bin/restart

The previous command only addresses the main instance. For every other instance, the restart script is located at /usr/local/ipdiva/<INSTANCE_NAME>/bin/restart, where <INSTANCE_NAME> must be replaced with the name of the Edge Gateway instance.

Example

An Edge Gateway with an additional instance named gateway-additional will have the directories /etc/ipdiva/gateway-additional/ and /usr/local/ipdiva/gateway-additional. Therefore, to find out the names of the different instances, simply list the existing directories:

find /etc/ipdiva/ -type d -name "gateway*" | cut -d "/" -f4

Still using the example of an additional instance named gateway-additional, the result of the previous command would be as follows:

gateway-additional
gateway

Therefore, the configuration file for this instance is /etc/ipdiva/gateway-additional/gateway.xml and the restart command is:

/usr/local/ipdiva/gateway-additional/bin/restart
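
To confirm which instances currently have certificate checking disabled, before or after the change, the following added example (not part of the vendor documentation) reports the verify-cert value of every instance. It assumes the /etc/ipdiva/gateway*/gateway.xml layout described above with the tag written on a single line; the function names and the optional root-directory argument are hypothetical.

```sh
#!/bin/sh
# Added example: report the verify-cert setting of each Edge Gateway instance.
# Assumption: <root>/gateway*/gateway.xml, with <verify-cert> on one line.

# audit_verify_cert [ROOT]
# Prints one line per instance: "<instance> <value>".
# <value> is the verify-cert content; several distinct values in one file are
# joined with commas; "missing" = tag not found; "unreadable" = no access.
# ROOT defaults to /etc/ipdiva (the argument exists only to allow testing).
audit_verify_cert() {
    root="${1:-/etc/ipdiva}"
    for dir in "$root"/gateway*/; do
        [ -d "$dir" ] || continue
        instance=$(basename "$dir")
        conf="${dir}gateway.xml"
        if [ ! -r "$conf" ]; then
            echo "$instance unreadable"
            continue
        fi
        value=$(sed -n 's:.*<verify-cert>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</verify-cert>.*:\1:p' "$conf" \
            | sort -u | paste -sd, -)
        echo "$instance ${value:-missing}"
    done
}

# count_disabled [ROOT]
# Prints the number of instances where at least one sslconf has
# verify-cert set to false.
count_disabled() {
    audit_verify_cert "$1" | awk '$2 ~ /false/ { n++ } END { print n + 0 }'
}
```

Run audit_verify_cert as root on the Edge Gateway; because a change only applies after a restart, the file may show false while the running instance still verifies certificates.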