Ensure portal uses correct X509 certificates
We've run into issues where after an upgrade of the
dataone-cn-portal package on the CNs, the properties pointing to the public certificate and private key are incorrectly pointing to the old GeoTrust wildcard files rather than the new Lets Encrypt files:
These should be (in STAGE):
The issue might be that these are not being set correctly during the
postinst script run. Jing pointed out that these values are taken from the debconf database settings that get set when
dataon-cn-os-core is installed. So although the
postinst script might be setting the correct values, the old cached values might still be in memory in the debconf database. If so, we'll need to clear those values during installations and upgrades.
Also, knowing where to look for these configuration settings can be challenging. These are referenced from
/var/lib/tomcat7/webapps/portal/WEB-INF/portal.properties. These settings should be consolidated into
/etc/dataone/portal/portal.properties so they also don't get blown away on war file upgrades in Tomcat.