SSL Certificates and Licensing Placement

This section describes the steps to apply SSL or the DB client certificate.

• The .crt file is the signed certificate obtained from a Certificate Authority (CA).
• The .key file contains the private key.
   

Steps to Obtain Certificate:

• Contact a  Certificate Authority (CA) with a CSR (Certificate Signing Request) generated. The CA uses this CSR to provide the load balancer SSL certificates.
   

To Place Certificate

• After receiving the load balancer SSL or DB client certificate, place the certificate in the common-volume/controltower/data/certificates folder of the controltower pod. 

   

  kubectl cp "<CERTIFICATE>" "<CONTROLTOWER_POD>:common-volume/controltower/data/certificates/" -c controltower --namespace "<NAMESPACE>"

  
  

  NOTE:

  Ensure the DB certificate key and certificate file name are database-pkcs8.key and database.crt, respectively. To generate the database-pkcs8.pk8 certificate from database-pkcs8.key certificate use openssl pkcs8  -nocrypt -topk8 -inform PEM -in database-pkcs8.key -outform DER -out database-pkcs8.pk8 -v1 PBE-MD5-DES  command.