How To Replace the TLS Certificate and Private Key

Avatar
Matthew Sanabria
  • Updated

Introduction

The purpose of this document is to help users replace the TLS certificate and private key used by Terraform Enterprise to provide HTTPS connections to client.

Use Case

It may be necessary to replace the TLS certificate and private key for the following reasons.

  • The current TLS certificate is expiring and needs to be updated.

  • The current TLS private key needs to be rotated to comply with security processes.

  • The TLS certificate and private key need to be changed to update details such as the “Common Name”.

Procedure

  • Procure new PEM-encoded TLS certificate and private key files. Usually, these are provided by the team that manages TLS certificates in your organization.

  • Log into the Replicated console on port 8800 of your Terraform Enterprise installation.

  • In the top navigation bar, click the “Dashboard” tab.

  • Stop the Terraform Enterprise application by clicking the “Stop Now” button.

  • Wait for the Terraform Enterprise application to fully stop.

  • In the top right of the navigation bar, click the gear icon, then click “Console Settings”.

  • Navigate to the “TLS Key & Cert” section. There may be up to three radio buttons; “Self-signed (generated)”, “Server path”, and “Upload files”.

    • If the “Server path” radio button is selected:

      • Ensure the new TLS certificate and private key files exist in a path on the Terraform Enterprise instance. This path must differ from the existing TLS certificate and private key path. That is, at a minimum, the new TLS certificate and private key filenames must differ from the existing TLS certificate and private key filenames.

      • Update the “SSL Private Key Filename” field to point to the absolute path of the new TLS private key file.

      • Update the “SSL Certificate Filename” filed to point to the abosolute path of the new TLS certificate file.

    • If the “Upload files” radio button is selected:

      • Under the “SSL Private Key” text, click the “Choose file” button and upload the TLS private key file.

      • Under the “SSL Certificate” text, click the “Choose file” button and upload the TLS certificate file.

      • Both the TLS certificate and private key files will need to be uploaded, you cannot change just one.

  • Once the changes are made, scroll to the bottom of the page and click the “Save” button. Click “Ok” if prompted.

  • In the top navigation bar, click the “Dashboard” tab.

  • Start the Terraform Enterprise application by clicking the “Start Now” button.

  • Wait for the Terraform Enterprise application to fully start.

Articles in this section

See more

Related articles