<FQDN>
below.<FQDN>
: tls.crt
<FQDN>
: tls.key
.intermediate.pem
.rootca.crt
.cert.pem
privkey.pem
.chain.pem
.<DEPLOYMENT-FQDN>
below.*.<DEPLOYMENT-FQDN>
: wildcard.crt
*.<DEPLOYMENT-FQDN>
: wildcard.key
https://curl.se/ca/cacert.pem
DIY-SSL-CA/CA/pubCA.crt
in your unpacked installer assets.ae-admin
role. The anaconda-enterprise
account has this role by default, for instance.
<FQDN>
tls.crt
/ cert.pem
tls.key
/ privkey.pem
rootca.crt
, if applicableintermediate.pem
/ chain.pem
, if applicable<DEPLOYMENT-FQDN>
, or <FQDN>
if identical. Do not include an asterisk.wildcard.crt
if different; tls.crt
/ cert.pem
if identical.wildcard.key
if different; tls.key
/ privkey.pem
if identical.kubectl
access to the cluster (for example, the master node),
and make sure all of the files mentioned above have been transferred there,
including the root CA trust file cacert.pem
. For convenience, here is a
simple command to download the latest version of that file:
cacert.pem
per the instructions above.
If you have a private root CA, append it to that file:
fullchain.pem
has already been provided for you.
certificates.yaml
file, that you’ll be updating in the next several steps
privkey.pem
instead:
grep
command; if all of the substitutions have been made, it should
return nothing: