https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190562#M99448 <P>Team,</P> <P>&nbsp;</P> <P>Does anyone have some guidance on changing out the SSL certificates on the MineMeld Docker container? Should we modify the dockerfile to include a COPY command? Is there a way to just shunt it in via mapping an additional VOLUME during the "docker run"?</P> <P>&nbsp;</P> <P>Thanks again for an awesome tool!</P> <P>&nbsp;</P> <P>Regards,</P> <P>Nasir</P> Thu, 07 Dec 2017 05:45:20 GMT nbilal 2017-12-07T05:45:20Z https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190562#M99448 <P>Team,</P> <P>&nbsp;</P> <P>Does anyone have some guidance on changing out the SSL certificates on the MineMeld Docker container? Should we modify the dockerfile to include a COPY command? Is there a way to just shunt it in via mapping an additional VOLUME during the "docker run"?</P> <P>&nbsp;</P> <P>Thanks again for an awesome tool!</P> <P>&nbsp;</P> <P>Regards,</P> <P>Nasir</P> Thu, 07 Dec 2017 05:45:20 GMT https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190562#M99448 nbilal 2017-12-07T05:45:20Z https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190578#M99449 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/18892">@nbilal</a>,</P> <P>&nbsp;</P> <P>I just build a new docker image based on the jtschichold/minemeld one.</P> <P>&nbsp;</P> <P>Create a new folder and place there the certificate components (minemeld.cer, minemeld.pem). In that same folder create a file named 'Dockerfile' with the following contents:</P> <P>&nbsp;</P> <PRE>FROM jtschichold/minemeld ADD minemeld.cer /etc/nginx ADD minemeld.pem /etc/nginx </PRE> <P>Then run the command '<FONT face="andale mono,times">docker build -t myminemeld .</FONT>' in that folder. A new docker image called 'myminemeld' will be created with your certificates in it.</P> <P>&nbsp;</P> Thu, 07 Dec 2017 08:01:13 GMT https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190578#M99449 xhoms 2017-12-07T08:01:13Z https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190596#M99450 <P>Thanks&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/6710">@xhoms</a>!</P> <P>&nbsp;</P> <P>This worked perfectly. I didn't realize playing with the container filesystem was so&nbsp;easy! For reference for others, here's the process I went through to get the new certs on, build the new container, and launch it with the appropriate options:</P> <P><STRONG></STRONG></P> <P><STRONG># SCP THE PKCS12 BSTAR WILDCARD CERT TO DOCKER HOST (docker host is 10.1.1.1)</STRONG><BR />scp wildcard.domain.com.p12 user@10.1.1.1:~/<SPAN>wildcard.domain</SPAN>.com.p12</P> <P>&nbsp;</P> <P><STRONG># EXTRACT KEY AND CERT FILES FROM THE PKCS12 (assuming that it’s password-protected with ‘paloalto')</STRONG><BR />openssl pkcs12 -in <SPAN>wildcard.domain</SPAN>.com.p12 -out minemeld.cer -clcerts -nokeys -passin pass:paloalto<BR />openssl pkcs12 -in <SPAN>wildcard.domain</SPAN>.com.p12 -out minemeld.pem -nocerts -nodes -passin pass:paloalto</P> <P>&nbsp;</P> <P><STRONG># CREATE A DOCKERFILE TO REBUILD MINEMELD CONTAINER WITH THE NEW CERT INCLUDED</STRONG><BR />vi Dockerfile</P> <P>&nbsp;</P> <P>FROM jtschichold/minemeld<BR />ADD minemeld.cer /etc/nginx<BR />ADD minemeld.pem /etc/nginx</P> <P>&nbsp;</P> <P><STRONG># BUILD THE NEW DOCKER CONTAINER</STRONG><BR />docker build -t my_minemeld .</P> <P>&nbsp;</P> <P><STRONG># RUN THE NEW DOCKER CONTAINER</STRONG><BR />docker run -dit --name mm_01 --restart unless-stopped --tmpfs /run -v /opt/minemeld-docker/:/opt/minemeld/local -p 443:443/tcp my_minemeld</P> Thu, 07 Dec 2017 17:31:55 GMT https://live.paloaltonetworks.com/t5/general-topics/changing-ssl-certificate-on-the-minemeld-docker-container/m-p/190596#M99450 nbilal 2017-12-07T17:31:55Z