Introduction
This guide describes how to install a Certificate Authority (CA) bundle on Terraform Enterprise using the command line interface (CLI). This method is useful for instances running in Active/Active mode where the user interface is disabled, or when the CA bundle contains a large number of certificate chains.
Expected Outcome
You will successfully install a CA bundle on your Terraform Enterprise instance from a file using the CLI.
Prerequisites
- Administrative shell access to the Terraform Enterprise instance.
- A valid CA bundle saved in a file (e.g.,
ca_bundle.pem). The file must be PEM coded and the certificates must be ordered correctly.
Procedure
This procedure requires restarting the Terraform Enterprise application to apply the changes.
-
Create a backup of the current application configuration. This command saves the configuration to a file named
app-conf.txt.# replicatedctl app-config export > app-conf.txt
-
Import the CA bundle file. This command reads the contents of
ca_bundle.pemand sets it as the value for theca_certsconfiguration key.# tfe-admin app-config -k ca_certs -v "$(cat ca_bundle.pem)"
-
Validate that the
ca_certsvalue was updated correctly by exporting the configuration and checking the key.# replicatedctl app-config export | grep -A1 'ca_certs'
-
Apply the new configuration and restart the Terraform Enterprise application.
# replicatedctl app apply-config