Instead of using the user interface to upload the CA Bundle certificate chains, in some cases, it may be beneficial to use the CLI (command line interface) to install the entire CA bundle chains placed in a
.json file format. This is especially helpful for Terraform Enterprise installs that are running in Active/Active mode where the UI is disabled or mostly when the CA bundle contains a bevy of certificate chain lines.
This procedure requires restarting the Terraform Enterprise Application process to apply the changes.
Copy the entire contents of the CA bundle into a file such as
file.json. There is no restriction on the file name but the extension needs to be
.json. Ensure the contents of the file are formatted in accordance with PEM coding and the certs are ordered appropriately.
Next, use this command to make a backup copy of the replicated app configurations.
replicatedctl app-config export > app-conf.txt
Import the contents of the CA bundle certs file created in step 1 using the command
tfe-admin app-config -k ca_certs -v “$(cat file.json)”
Check and validate the contents of the ca_certs value by running
replicatedctl app-config export or replicatedctl app-config export | grep -A1 'ca_certs'
- Restart the TFE app and apply the changes
replicatedctl app apply-config
- How to setup Terraform Enterprise with a CA Authority (CA) Bundle
- For additional assistance please contact HashiCorp Support.