Import Let's Encrypt certificates for GCP Platform into truststore

 

The GCP Platform has new certificates issued from Let's Encrypt, not from DigiCert. This helps provide better security and customer experience.

If your Symphony Pod is scheduled to be migrated to our new Google Platform, please check if you have the latest Let's Encrypt Root and Intermediate certificates within your default CACERT or Custom truststore. If you do not have the latest certificates, you need to import the relevant certificates. 

 

This is required to keep your components, applications, and bots working seamlessly post-migration. Steps to import the Let's Encrypt Root and Intermediate Certificates into your respective truststores can be found below and you can learn more about the commands to do so in this article.

 

The certificates are on the Let's Encrypt website and we have made the ones Symphony uses available below (Table 1) in two formats (DER and PEM) directly from Let's Encrypt.

 

Format Certificate Type Certificate Download URL
DER Root https://letsencrypt.org/certs/isrgrootx1.der
DER Intermediate https://letsencrypt.org/certs/lets-encrypt-r3.der
PEM Root https://letsencrypt.org/certs/isrgrootx1.pem
PEM Intermediate https://letsencrypt.org/certs/lets-encrypt-r3.pem

Table 1: Certificate outline availability table

 

Use a Linux command to download the certificates to your local machine and import them into your respective truststores (Section 1). 

 

Section 1: Linux command to download the Root & Intermediate certificates.

 

Additionally, if you want to convert the PEM file to CER format, download the PEM file using the Linux commands above (Section 1) and follow the commands below (Section 2) to convert it to a CER.

 

$ openssl x509 -inform PEM -in isrgrootx1.pem -outform DER -out isrgrootx1.cer 
$ openssl x509 -inform PEM -in lets-encrypt-r3.pem -outform DER -out lets-encrypt-r3.cer

Section 2: Conversion of PEM to CER commands

 

Please note, once the certificates are imported, you will need to restart the component, application, or bot for it to pick up the new certificates.

 

This migration will help Symphony to provide higher service availability, improved scalability, and the frequent delivery of new capabilities without downtime.

Symphony instances hosted by Google Cloud Platform (GCP) will deliver the same features, functionality, and security tenets along with all other operational elements.