Introduction
This procedure allows Terraform Enterprise to access all services it integrates with (VCS providers, database servers, log forwarding destinations) that use certificates issued by a private Certificate Authority (not publicly trusted).
Prerequisites
- Terraform Enterprise (All Versions)
Procedure
- Please verify the file containing your certificate chain is in PEM format and certificates are in the correct order. Note that because TLS servers will provide the end-entity certificate (aka the serving certificate) to clients, only Intermediate and Root CAs need to be added for TLS validation.
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
- Access the Replicated Console at https://$TFE_HOSTNAME:8800/settings#TLS, paste your certificate chain, and click Save. Restart the Terraform Enterprise application when prompted to apply the changes.
- For Active/Active deployments or if you prefer using the CLI, first SSH into the Terraform Enterprise host and copy the certificate chain file to the local filesystem, then execute the following commands.
# Import your certificate chain into the Terraform Enterprise application
replicatedctl app-config set ca_certs --value "$(cat /local/path/to/cert_chain.crt)"
# Verify the format is correct (should match your PEM file)
replicatedctl app-config export --template '{{.ca_certs.Value}}'
# Apply the configuration changes (restart)
replicatedctl app apply-config
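
A pre-flight check for the first step of the procedure, added here as an example (it is not HashiCorp or Replicated tooling): it confirms that every block in the bundle decodes as X.509, is unexpired, and chains from intermediate to root in file order. The function name `check_ca_bundle` is hypothetical, and the check assumes `openssl` is installed and that the file holds a single chain laid out as in the example above.

```shell
# check_ca_bundle FILE  (hypothetical helper, added example)
# Returns 0 when FILE holds one PEM chain ordered intermediate(s) first,
# self-signed root last. Compares issuer/subject names only; it does not
# verify signatures. Runs in a subshell so temp files are always removed.
check_ca_bundle() (
  bundle=$1
  [ -r "$bundle" ] || { echo "cannot read: $bundle" >&2; exit 2; }
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT

  # Split the bundle into cert-1.pem, cert-2.pem, ... Text outside the
  # BEGIN/END markers is ignored.
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
  ' "$bundle"

  n=0
  while [ -f "$tmp/cert-$((n + 1)).pem" ]; do n=$((n + 1)); done
  [ "$n" -gt 0 ] || { echo "no PEM certificates found" >&2; exit 1; }

  i=1
  while [ "$i" -le "$n" ]; do
    cert="$tmp/cert-$i.pem"
    # Each block must decode as X.509 and must not be expired.
    subj=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) ||
      { echo "certificate $i: not a valid PEM certificate" >&2; exit 1; }
    iss=$(openssl x509 -in "$cert" -noout -issuer_hash)
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
      { echo "certificate $i: expired" >&2; exit 1; }

    if [ "$i" -lt "$n" ]; then
      # The issuer of this certificate must be the next one in the file.
      next=$(openssl x509 -in "$tmp/cert-$((i + 1)).pem" -noout -subject_hash 2>/dev/null)
      [ "$iss" = "$next" ] ||
        { echo "certificate $i: issuer is not certificate $((i + 1))" >&2; exit 1; }
    else
      # The last certificate must be the self-signed root.
      [ "$iss" = "$subj" ] ||
        { echo "certificate $n: last entry is not a self-signed root" >&2; exit 1; }
    fi
    i=$((i + 1))
  done
  echo "OK: $n certificate(s), intermediate-to-root order"
)
```

Run `check_ca_bundle /local/path/to/cert_chain.crt` before `replicatedctl app-config set`; a non-zero exit means the bundle should be corrected before it is imported.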