Environment Setup
Before starting the labs, a few setup steps need to be completed.
Create certificates
Your lab environment has been provisioned with a set of free Let's Encrypt certificates so that the various components can establish trusted communication. Most customers will use their own certificates; for this exercise we'll use the free ones, but we first need to split them into the subsets that TAS and TPA require.
- Open the terminal, copy and paste the following command (you can click the small icon to the right of the command to copy it, then press CTRL-V, or CMD-V on macOS, to paste), and press Enter to run it:
for prod in rhtas rhtpa; do
  TMPDIR="$(mktemp -d -t certsplit.XXXXXX)" && \
  cd "$TMPDIR" && \
  sudo csplit -s -z -f cert- -b ${prod}-%02d.pem /etc/letsencrypt/live/${prod}.{base_hostname}/fullchain.pem '/.*BEGIN CERTIFICATE.*/' '{*}' && \
  sudo cat cert-${prod}-00.pem cert-${prod}-01.pem > /home/lab-user/${prod}-server.pem && \
  sudo cat cert-${prod}-02.pem > /home/lab-user/${prod}-root.pem && \
  sudo cp /etc/letsencrypt/live/${prod}.{base_hostname}/privkey.pem /home/lab-user/${prod}-privkey.pem && \
  sudo chown lab-user /home/lab-user/${prod}*.pem && \
  sudo chmod 660 /home/lab-user/${prod}*.pem && \
  cd /home/lab-user && \
  sudo rm -rf "$TMPDIR" && \
  ls -l /home/lab-user
done

This command creates a temporary directory, splits the RHTAS and RHTPA certificate chains into individual certificate files, and copies the resulting certificates and the private key to the lab-user home directory.
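Before moving on, it is worth confirming that the split produced what the later labs expect. The following check is an added example, not part of the lab: the function names are hypothetical, the expected counts (two certificates in the server file, one in the root file) are assumptions read off the command above, and the sample files it builds are constructed placeholders rather than real key material.

```sh
#!/bin/sh
# Added example (not from the lab): check the files the split command wrote.
# File names follow the lab command; expected counts are assumptions taken
# from it (cert-00 + cert-01 -> server.pem, cert-02 -> root.pem).

count_certs() {  # print the number of PEM certificate blocks in file $1
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

verify_split() {  # usage: verify_split <dir> <prod>; returns 0 if all checks pass
  vs_dir=$1; vs_prod=$2; vs_rc=0
  [ "$(count_certs "$vs_dir/$vs_prod-server.pem")" = 2 ] ||
    { echo "$vs_prod-server.pem: expected 2 certificates"; vs_rc=1; }
  [ "$(count_certs "$vs_dir/$vs_prod-root.pem")" = 1 ] ||
    { echo "$vs_prod-root.pem: expected 1 certificate"; vs_rc=1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$vs_dir/$vs_prod-privkey.pem" 2>/dev/null ||
    { echo "$vs_prod-privkey.pem: no private key block"; vs_rc=1; }
  for vs_f in "$vs_dir/$vs_prod"-*.pem; do
    [ -e "$vs_f" ] || continue
    # characters 8-10 of `ls -ld` output are the permission bits for "other"
    [ "$(ls -ld "$vs_f" | cut -c8-10)" = "---" ] ||
      { echo "${vs_f##*/}: accessible to other users"; vs_rc=1; }
  done
  return "$vs_rc"
}

pem_block() {  # constructed placeholder block, not real key material
  printf -- '-----BEGIN %s-----\nconstructed-placeholder\n-----END %s-----\n' "$1" "$1"
}

make_sample() {  # usage: make_sample <dir> <prod> <certs-in-root>
  { pem_block CERTIFICATE; pem_block CERTIFICATE; } > "$1/$2-server.pem"
  : > "$1/$2-root.pem"
  ms_i=0
  while [ "$ms_i" -lt "$3" ]; do
    pem_block CERTIFICATE >> "$1/$2-root.pem"; ms_i=$((ms_i + 1))
  done
  pem_block 'PRIVATE KEY' > "$1/$2-privkey.pem"
  chmod 660 "$1/$2"-*.pem   # same mode the lab command sets
}

# Demo on constructed files: a complete set passes, an empty root.pem is reported.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" rhtas 1 && verify_split "$demo_dir" rhtas && echo "rhtas: OK"
make_sample "$demo_dir" rhtpa 0 && verify_split "$demo_dir" rhtpa || echo "rhtpa: FAILED"
rm -rf "$demo_dir"
```

In the lab itself, call `verify_split /home/lab-user rhtas` and `verify_split /home/lab-user rhtpa` after the split command finishes. An empty root file is what results when the fullchain.pem holds fewer than three certificates.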