Configuring a custom Secure Sockets Layer (SSL) certificate
You can configure an SSL certificate to encrypt your organization's data exchanged between the browser and the HCL DevOps Velocity (Velocity) application.
Before you begin
- Ensured that the Kubernetes cluster is set up on the host system and have sufficient cluster-level permission.
- Installed Helm on the Kubernetes cluster. See Installing Helm.
- You must have created an SSL certificate and got the key.pem and certificate.crt file.
About this task
The helm install will automatically create a self-signed certificate and it is stored
in a default TLS secret with the name accelerate-tls
to match
the ingress domain. You can update the self-signed certificate with a custom SSL
certificate if you have an SSL certificate by a trusted Certifying Authority (CA).
To update a custom SSL certificate you must create a secret in the Kubernetes
cluster by following the steps in this task and you can provide the name of the new
secret that you created for the tls.secret
parameter in the helm
install command during installation.
Procedure
-
If you don't have an SSL certificate you can generate an OpenSSL certificate
and get the certificate.crt and
key.pem files. To create an OpenSSL certificate
perform any of the following steps:
- On the Linux operating system, enter the following command in command
line to create the certificate and
key.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.crt
The certificate.crt and key.pem files will be created in the directory from which you ran the command.
- On the Windows operating system, enter the following command in Git to
create the certificate and key.
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.crt
Git creates the certificate.crt and key.pem files in Program Files\Git\usr\bin directory.
- On the Linux operating system, enter the following command in command
line to create the certificate and
key.
-
Navigate to the directory where the certificate.crt and
key.pem files are available and run the following
command:
kubectl create -n <custom_namespace_name> secret tls velocity-custom-tls --key <key.pem> --cert <certificate.crt>
The following message is displayed:secret/velocity-custom-tls created
.