Amazon Redshift SSL Certificate Update

The necessary changes were made and this update is now confirmed as completed. If customers subsequently experience any issues, please contact support in the usual way.

Amazon is replacing SSL certificates with AWS Certificate Manager (ACM) issued certificates on all Redshift clusters and will be effective on October 23, 2017.

NOTE: Customers that use Redshift Snaps that DO NOT utilize a “Redshift SSL Enabled Instance” will not be affected by this change and no action is required.

More information about ACM can be found at:
http://docs.aws.amazon.com/redshift/latest/mgmt/connecting-transitioning-to-acm-certs.html
http://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
http://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html

This change will affect SnapLogic customers using Redshift Snaps with a “Redshift SSL Enabled Instance”. In order to comply with Amazon's ACM requirements and not disrupt the execution of any SnapLogic pipelines, customers using Redshift Snaps with a “Redshift SSL Enabled Instance” should immediately follow the appropriate steps below by Sunday October 22, 2017.

Groundplex, Linux Environment:
Update each node in the Groundplex where Redshift pipelines are run by using the following commands:
-sudo su snapuser
-export SL_ROOT=/opt/snaplogic
-wget https://s3.amazonaws.com/redshift-downloads/redshift-ca-bundle.crt
-$SL_ROOT/pkgs/jre1.8.0_45/bin/keytool -import -alias redshift -file redshift-ca-bundle.crt -keystore -$SL_ROOT/pkgs/jre1.8.0_45/lib/security/cacerts -storepass changeit —noprompt

Note:The Java installation folder may not be under $SL_ROOT nor the name is jre1.8.0_45. This may need to be modified based on the installation location of the Java Runtime Environment being used by the plex.

After all nodes are updated, complete the following steps:

-Login to SnapLogic as an Org admin user
-Navigate to the Dashboard tab
-Select the Snaplex that contains the nodes updated above
-Click on the down arrow for each node and select "Restart"

Groundplex, Windows Environment:
Update each node in the Groundplex where Redshift pipelines are run by using the following commands:

-Download the certificate from the following link: https://s3.amazonaws.com/redshift-downloads/redshift-ca-bundle.crt
-Execute following command if JAVA_HOME is the location of the JRE:
-- %JAVA_HOME%\bin\keytool.exe -import -alias redshift -file redshift-ca-bundle.crt -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit --noprompt

After all nodes are updated, complete the following steps:

-Login to SnapLogic as an Org admin user
-Navigate to the Dashboard tab
-Select the Snaplex that contains the nodes you updated above
-Click on the down arrow for each node and select Restart

Cloudplex:
SnapLogic has updated the ACM certificates on all the UAT and Production based Cloudplex nodes (managed by Snaplogic).

Please follow the steps below:

-Login to SnapLogic as an Org admin user
-Navigate to the Dashboard tab
-Select the Snaplex that contains the nodes that run Redshift pipelines
-Click on the down arrow for each node and select Restart

We apologize for this inconvenience and encourage you to contact SnapLogic Support if you have any issues with the above.

Thank you,

The SnapLogic Product Team