A Guide to Updating SSL Certificates in Zetaly Suite

Certificate Verification

The Common Name (CN) of the certificates must match the URL defined by the Frontal.Host.Base parameter (for the Zetaly Suite) and the application_dns_name parameter (for Sisense).

Three steps are required to verify the certificates before deployment:

  • 1. Matching Public and Private Keys:

    • openssl rsa -modulus -in domain.key -noout | openssl md5 
    • openssl x509 -modulus -in domain.crt -noout | openssl md5 
    • The two MD5 hashes must be identical. This comparison hashes the RSA modulus, so it applies to RSA keys.

  • 2. Check Validity Dates:

    • openssl x509 -inform pem -noout -text -in domain.crt 
    • The "Validity" section must be correct.

  • 3. Check the Common Name (CN):

    • openssl x509 -inform pem -noout -text -in domain.crt 
    • The "Subject / CN" section must match the portal URL.

    • In some cases, this information is found in the "X509v3 extensions / X509v3 Subject Alternative Name" section.
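The three checks above combined into one script, as an added example that is not part of the Zetaly documentation. It compares the extracted public keys instead of MD5 hashes of the RSA modulus, so it goes slightly beyond the commands above and also handles EC keys. The function name, the exit codes and the 30-day warning window are assumptions of this example, and the third argument is the bare host name of the portal, without scheme or path.

```shell
#!/bin/sh
# Added example: pre-deployment check of a certificate/key pair.
# Usage: verify_cert_pair <domain.crt> <domain.key> <portal-hostname>
# Exit status: 0 ok, 1 key mismatch, 2 unreadable file, 3 expired, 4 name mismatch.
verify_cert_pair() (
  crt=$1; key=$2; host=$3

  # Step 1: the certificate and the private key must hold the same public key.
  # Comparing the extracted public keys also covers EC keys, which have no modulus.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: cannot read certificate $crt"; exit 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "FAIL: cannot read private key $key"; exit 2; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: private key does not match certificate"; exit 1; }

  # Step 2: validity dates. -checkend 0 fails once notAfter has passed;
  # notBefore is printed for review.
  openssl x509 -in "$crt" -noout -dates
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
    { echo "FAIL: certificate has expired"; exit 3; }
  openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
    echo "WARN: certificate expires within 30 days"

  # Step 3: name check. -checkhost tests the Subject Alternative Name entries
  # and falls back to the CN only when the certificate has no DNS SAN.
  # It reports the result as text, so the output is matched, not the exit status.
  openssl x509 -in "$crt" -noout -checkhost "$host" |
    grep -q "does match certificate" ||
    { echo "FAIL: certificate is not valid for $host"; exit 4; }

  echo "OK: $crt and $key match and are valid for $host"
)
```

Source the file and call `verify_cert_pair domain.crt domain.key <portal host name>` before copying the files into place; a non-zero status means the pair should not be deployed.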

Zetaly Suite

In the zetalyinstall.cnf file, SSL certificates are used by two modules with specific parameters:

  • Zetaly Frontal: Frontal.Certif.Crt (public key) and Frontal.Certif.Key (private key).

  • Zetaly KeyCloak: KeyCloak.Certificate.File (public key) and KeyCloak.Certificate.KeyFile (private key).

  • Note: If KeyCloak parameters are not defined, the frontal parameters are used by default.

Standard procedure

Ideally, to update the certificates, simply place the new files in the location defined in zetalyinstall.cnf and run the installation procedure (run.sh).

Manual Update Procedure

Zetaly Frontal

  1. Copy the new certificates into the directory defined in zetalyinstall.cnf (to ensure they are used for future updates).

    • The installation directory is defined by Installation.Directory.

    • If not defined, the zetaly directory (at the source root) is used.

  2. Copy certificates to {Installation.Directory}/frontal/dist/src/assets/secrets.

  3. Files must be named domain.crt (public key) and domain.key (private key).

  4. Restart the ZFR service.

Zetaly Keycloak

  1. Copy the new certificates into the directory defined in zetalyinstall.cnf.

    • The Keycloak installation directory is defined by Folder.KeyCloak.

    • If not defined, /usr/local/bin/keycloak is used.

  2. Copy certificates to {Folder.KeyCloak}/certs.

  3. Files must be named domain.crt (public key) and domain.key (private key).

  4. Restart the Keycloak service.

Sisense

In the single_config.yaml configuration file, certificates are defined by:

  • ssl_cert_path (public key)

  • ssl_key_path (private key)

Standard procedure

Ideally, place the new certificates in the location defined in single_config.yaml and run the update procedure: update: true.

Manual Update Procedure (Not officially supported by Sisense)

  1. Copy the new certificates into the directory defined in single_config.yaml.

  2. Copy the new certificates under /opt/sisense/config/ssl.

  3. Update the Kubernetes cluster information:

    • kubectl create secret tls sisense-tls -n sisense --dry-run -o yaml --key /opt/sisense/config/ssl/<private key name> --cert /opt/sisense/config/ssl/<public key name> | kubectl apply -f -

  4. Restart the Nginx pod:

    • kubectl -n default delete pod -l app.kubernetes.io/name=ingress-nginx --force --grace-period=0 
