Enterprise Cloud Service On Boarding – Setup and requirements

Nimer Bsoul
2021-08-31 09:02

The following requirements needs to be provided to complete the enterprise service setup:

  1. An encrypted SSL certificate delivered as follows:

    1. Available subdomain

    2. Second-level subdomain wildcard SSL certificate, ie. *.<CUSTOM_CNAME>

    3. Private .key file (.pem format)

    4. Public .crt file (.pem format)

    5. The Extension to a cert file, ie. bundle/chain. should be appended to the Public .crt file.

    6.  Re-arrange the files as follows:

    > ***DOMAIN***_cert     <DIRECTORY>
        > > ***DOMAIN***.crt    <FILE>
        > > ***DOMAIN***.key    <FILE>

Certificate verification test:
Match check: ensure the md5 is identical in both .key and .crt files, by running the following two commands:

openssl rsa -noout -modulus -in <file.key> | openssl md5
openssl x509 -noout -modulus -in <file.crt> | openssl md5

Expiration check: ensure the certificate is valid, by running the following command:

openssl x509 -noout -dates -in <file.crt>

CNAME check: ensure the certificate is Second-level subdomain wildcard SSL certificate,

openssl x509 -text -noout -in <file.crt> | grep Subject

When you need to provide JFrog with sensitive data, such as SSL certificates and keys for example, you will need to sign your content with  JFrog GPG Key.

Updating your DNS records:
Once your SSL certificate is installed by us, we’ll  provide you with a DNS CNAME record that you’ll need to add to your records.
* Do not change your automation scripts before you have confirmation from the JFrog team and have checked that your requests are sent to your Artifactory Cloud. 

Working with the new custom address:
Each Docker repository in your Artifactory cloud instance can be accessed
using the following DNS record:

“<REPO_NAME>.<CUSTOM-CNAME>”

Therefore, is to add a wildcard entry in your DNS record, such as:

״*.<CUSTOM_CNAME>".

 

e.g. *.jfrog.mycompanyname.com, for any <docker-repo-name>.jfrog.mycompanyname.com

 

2. A list of IP addresses to whitelist/blacklist. As an Enterprise Artifactory Cloud customer you are eligible for using either an IP whitelist or blacklist to limit access to your Artifactory Cloud. To enable this, please provide us with a list of IPs.
Additional IPs can be included later on by contacting our support team.
Note: When using a whitelist approach, requests from a non-whitelisted IP will result in a 403 error. 

3. JFrog plugins. Contact our support team to install JFrog plugins.