SAP Customer Data Cloud Positions

SSL Certificate Updates


This page contains information about certificate updates to the SAP Customer Data Cloud services, and information for testing the new certificates. 

March 16, 2020

The certificate of our RU1 datacenter will be replaced. 

Testing Information

  • Test server hostname: lt1.ru1.gigya.com
  • Test server IP: 95.213.238.72
  • Run a check against the IP address or hostname above. You can use the hosts file to point accounts.ru1.gigya.com to 95.213.238.72. After saving the hosts file, ping accounts.ru1.gigya.com to verify that the IP 95.213.238.72 is used.

February 3, 2020

Testing Information

Prerequisites for Testing

  • Administrator rights to change the HOSTS-file on the operating system.

    Make sure not to test through a VPN; it might override your local HOSTS-file.

  • Ability to run dig/ping commands (Mac/Linux: Terminal; Windows: Command Prompt).
  • Internet Browser: Google Chrome is recommended.

What is Akamai Staging?

Within Akamai, there are two environments: Akamai Staging and Akamai Production. Apart from several minor differences, both behave similarly. The Akamai Staging network is a small set of EdgeServers used for testing configurations. It is intended only for functional testing, not for performance testing.

STEP 1: Get an Akamai Edgeserver IP-Address

To test a configuration on the Akamai Staging network, the tester must spoof the local HOSTS file so that requests for a particular domain/hostname are sent to an Akamai Staging EdgeServer.
Find the Akamai Staging IP addresses for both cdns.gigya.com and gigya.com by running these two commands:

CDNS.GIGYA.COM Certificate

The following command:

$ dig e8333.g.akamaiedge-staging.net

Should return output similar to the following:

; <<>> DiG 9.10.6 <<>> e8333.g.akamaiedge-staging.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e8333.g.akamaiedge-staging.net. IN A

;; ANSWER SECTION:
e8333.g.akamaiedge-staging.net. 20 IN A 23.201.228.185

;; AUTHORITY SECTION:
. 6450 IN NS c.root-servers.net.
. 6450 IN NS l.root-servers.net.
. 6450 IN NS a.root-servers.net.
. 6450 IN NS m.root-servers.net.
. 6450 IN NS b.root-servers.net.
. 6450 IN NS g.root-servers.net.
. 6450 IN NS i.root-servers.net.
. 6450 IN NS j.root-servers.net.
. 6450 IN NS e.root-servers.net.
. 6450 IN NS f.root-servers.net.
. 6450 IN NS h.root-servers.net.
. 6450 IN NS k.root-servers.net.
. 6450 IN NS d.root-servers.net.

;; Query time: 78 msec
;; SERVER: 10.26.80.50#53(10.26.80.50)
;; WHEN: Tue Jan 28 10:10:03 IST 2020
;; MSG SIZE rcvd: 283


GIGYA.COM Certificate

The following command:

$ dig e6600.b.akamaiedge-staging.net

Should return output similar to the following:

; <<>> DiG 9.10.6 <<>> e6600.b.akamaiedge-staging.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17342
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e6600.b.akamaiedge-staging.net. IN A

;; ANSWER SECTION:
e6600.b.akamaiedge-staging.net. 20 IN A 23.44.125.77

;; AUTHORITY SECTION:
. 7250 IN NS j.root-servers.net.
. 7250 IN NS f.root-servers.net.
. 7250 IN NS e.root-servers.net.
. 7250 IN NS d.root-servers.net.
. 7250 IN NS i.root-servers.net.
. 7250 IN NS h.root-servers.net.
. 7250 IN NS l.root-servers.net.
. 7250 IN NS b.root-servers.net.
. 7250 IN NS c.root-servers.net.
. 7250 IN NS g.root-servers.net.
. 7250 IN NS m.root-servers.net.
. 7250 IN NS k.root-servers.net.
. 7250 IN NS a.root-servers.net.

;; Query time: 148 msec
;; SERVER: 10.26.80.50#53(10.26.80.50)
;; WHEN: Tue Jan 28 09:56:43 IST 2020
;; MSG SIZE rcvd: 283

 

The IP address in the answer section will be used for the spoofing in the next step.

STEP 2: Spoof by Modifying the HOSTS file

Now these IP addresses need to be added to the HOSTS-file of the operating system.

  • For Windows: C:\Windows\System32\drivers\etc\hosts
  • For Mac/Linux: /etc/hosts

Once you open this file in a text editor such as Notepad, add the following lines (the IP addresses are the ones found in Step 1):

23.201.228.185 cdns.gigya.com
23.44.125.77 accounts.us1.gigya.com

After saving the file, ping each hostname to verify that the correct Akamai IP address is used.

STEP 3: TEST THE NEW CERTIFICATE

  1. Open a new incognito Chrome window and browse to https://cdns.gigya.com/gs/ver.htm, then open another window for https://accounts.us1.gigya.com/gs/ver.htm
  2. Check the certificate expiration date on both websites. It should show 27 March 2021.
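
The same check can be scripted without editing the HOSTS-file. The following is an added example, not part of the original SAP page: it connects to the edge IP directly, sends the real hostname as SNI, validates the certificate chain and hostname, and compares the expiry date with the one expected in Step 3. The IP addresses are the ones shown in the dig output above and should be replaced with the answer from your own dig run; the function names are illustrative.

```python
import socket
import ssl
from datetime import datetime, timezone

# Hostname -> edge IP, copied from the dig answers and HOSTS lines on this page.
# Assumption: replace the IPs with the answer from your own dig run.
TARGETS = {
    "cdns.gigya.com": "23.201.228.185",
    "accounts.us1.gigya.com": "23.44.125.77",
}
EXPECTED_EXPIRY = "2021-03-27"  # expiry date given in Step 3


def parse_not_after(not_after: str) -> datetime:
    """Convert getpeercert()'s 'notAfter' string to an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(not_after)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def expires_on(cert: dict, expected: str) -> bool:
    """True if the certificate expires on the given UTC date (YYYY-MM-DD)."""
    return parse_not_after(cert["notAfter"]).date().isoformat() == expected


def fetch_cert(ip: str, hostname: str, port: int = 443) -> dict:
    """Connect to ip, send hostname as SNI, and return the validated certificate."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((ip, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


def main() -> None:
    for host, ip in TARGETS.items():
        try:
            cert = fetch_cert(ip, host)
        except OSError as exc:  # includes ssl.SSLError and certificate errors
            print(f"{host} via {ip}: FAILED ({exc})")
            continue
        verdict = "OK" if expires_on(cert, EXPECTED_EXPIRY) else "UNEXPECTED"
        print(f"{host} via {ip}: notAfter={cert['notAfter']} -> {verdict}")


if __name__ == "__main__":
    main()
```

Because nothing is written to the HOSTS-file, no override has to be reverted after the test. A FAILED line also covers the case where the certificate served by the edge server does not match the hostname.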

 

 

 

 

 
