CA Certificates are used as the HTTPS security layer to secure communications across computer networks when using applications.
The domain name of your VotiroVotiro Cloud appliance is used in the CA Certificate, binding the address to the certificate, enabling a secure connection. An example of an appliance address is https://sfg-va.domain.com.
The CA Certificate used with your VotiroVotiro Cloud appliance must be a .pem and .key pair. You can convert the format of your CA Certificate using SSL Certificate software, for example OpenSSL.
Converting a CA Certificate
To convert a CA Certificate in .pfx format with password Pa$$w0rd to a .pem and .key pair, use the following OpenSSL commands:
|n||openssl pkcs12 -in /<path-to-certificate>/certificate.pfx -out /<path-to-certificate>/certificate.pem -nodes -passin pass:<Pa$$w0rd>|
|n||openssl pkey -in /<path-to-certificate>/certificate.pem -out /<path-to-certificate>/certificate.key|
Applying CA Certificate to Kubernetes Cluster
To apply the .pem and .key files to your Kubernetes cluster, use the following sets of commands to first delete, then create, a new certificate in the two namespaces traefik and votiro:
|n||kubectl delete secret traefik-cert -n traefik|
|n||kubectl create secret tls traefik-cert --key=/<path-to-certificate>/certificate.key --cert=/<path-to-certificate>/certificate.pem -n traefik|
|n||kubectl delete secret traefik-cert -n votiro|
|n||kubectl create secret tls traefik-cert --key=/<path-to-certificate>/certificate.key --cert=/<path-to-certificate>/certificate.pem -n votiro|