Introduction
This procedure allows Terraform Enterprise to access all the services it integrates with (VCS providers, database servers, log forwarding destinations) that use certificates issued by a private Certificate Authority (not publicly trusted).
Prerequisites
- Terraform Enterprise
- Replicated
Procedure
- Please verify that the file containing the certificate chain is in PEM format and that the certificates are in the correct order. Because TLS servers provide the site certificate to clients, only the Intermediate and Root CA certificates need to be added for TLS validation.
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
- Access the Replicated Console at https://$TFE_HOSTNAME:8800/settings#TLS, paste the certificate chain and click on Save. Restart the Terraform Enterprise application when prompted to apply the changes.
- For Active/Active deployments: SSH into the Terraform Enterprise host, copy the certificate chain file to the local filesystem and execute the following commands.
# Import your certificate chain into the Terraform Enterprise application
replicatedctl app-config set ca_certs --value "$(cat /local/path/to/cert_chain.crt)"
# Verify the format is correct (should match your PEM file)
replicatedctl app-config export --template '{{.ca_certs.Value}}'
# Apply the configuration changes (restart)
replicatedctl app apply-config
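
A pre-flight check for the first step, as an added example that is not part of the original article: it confirms that a bundle laid out as shown above (intermediate first, root last) parses as PEM and chains correctly before it is pasted into the console or loaded with replicatedctl. It assumes the openssl CLI is installed and that the bundle ends in a self-signed root; check_ca_chain and make_constructed_chain are hypothetical helper names, and the test CAs are throwaway certificates constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Requires the openssl CLI.
# Usage: sh check_chain.sh /local/path/to/cert_chain.crt

# check_ca_chain FILE: returns 0 only if every block parses as X.509, each
# certificate verifies against the next one in the file, and the last one
# verifies against itself (self-signed root). Assumed order: intermediate(s), root.
check_ca_chain() (
  d=$(mktemp -d) || exit 1
  trap 'rm -rf "$d"' EXIT
  # Split into one file per certificate block (1.pem, 2.pem, ...) and count them.
  n=$(awk -v d="$d" '/^-----BEGIN CERTIFICATE-----/{n++}
      n{print > (d "/" n ".pem")} END{print n+0}' "$1")
  [ "${n:-0}" -ge 1 ] || { echo "no PEM certificate blocks found" >&2; exit 1; }
  i=1
  while [ "$i" -le "$n" ]; do
    openssl x509 -in "$d/$i.pem" -noout 2>/dev/null ||
      { echo "block $i is not a parseable certificate" >&2; exit 1; }
    if [ "$i" -lt "$n" ]; then
      # Intermediate: signature, CA flag and validity are checked against the next block.
      openssl verify -partial_chain -CAfile "$d/$((i + 1)).pem" "$d/$i.pem" \
        >/dev/null 2>&1 || { echo "block $i does not verify against block $((i + 1))" >&2; exit 1; }
    else
      # Last block: must verify against itself, i.e. be a self-signed root.
      openssl verify -CAfile "$d/$i.pem" "$d/$i.pem" >/dev/null 2>&1 ||
        { echo "last block does not verify as a self-signed root" >&2; exit 1; }
    fi
    i=$((i + 1))
  done
)

# make_constructed_chain DIR: writes throwaway test CAs DIR/root.crt and DIR/int.crt
# (constructed sample input; names and validity period are arbitrary).
make_constructed_chain() (
  cd "$1" || exit 1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=v3_ca' \
    '[dn]' 'CN=placeholder' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > ca.cnf
  openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -days 2 \
    -subj '/CN=Constructed Root CA' -keyout root.key -out root.crt 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -subj '/CN=Constructed Intermediate CA' -keyout int.key -out int.csr 2>/dev/null &&
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial -days 2 \
    -extfile ca.cnf -extensions v3_ca -out int.crt 2>/dev/null
)

if [ -n "${1:-}" ]; then check_ca_chain "$1"; fi
```

A zero exit status means the bundle is ready to import; an expired certificate also fails the check, since openssl verify enforces the validity period.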