Certificates and Certificate Rotation - pivotal-cf/TAS-LTS GitHub Wiki


  • What is a CA?

    • A certificate authority (CA), also sometimes referred to as a certification authority, is a company or organization that validates the identities of entities (such as websites, email addresses, companies, or individual persons) and binds them to cryptographic keys by issuing electronic documents known as digital certificates.

    • Much of our code, however, takes it one step further and implements Mutual TLS, where the server also authenticates the client. Also, we generally either self-sign certificates in place of using an established CA or use Let's Encrypt to get a free one.
  • How to generate and add new credentials in CredHub for the specific environment

    • Use the following instructions to create new credentials (passwords, users, certificates, certificate authorities, SSH keys, RSA keys, and arbitrary values such as strings and JSON blobs) in CredHub. For more information, see the CredHub API documentation.
      • To create new CA certificates, first log in to CredHub and export the variables appropriate for the specific environment, as in the following example:
        • export BOSH_ENV_NAME=corning
        • export BOSH_CLIENT=ops_manager
        • export BOSH_ENVIRONMENT=10.0.0.5
        • export BOSH_CLIENT_SECRET=qXK3dlRXylyv3lbR0Wj5gSWNPKUTUM0-
        • export BOSH_CA_CERT=/var/folders/cert
        • export BOSH_ALL_PROXY="ssh+socks5://[email protected]:22?private-key=/var/folders/id_rsa"
        • export CREDHUB_SERVER="${BOSH_ENVIRONMENT}:8844"
        • export CREDHUB_PROXY="${BOSH_ALL_PROXY}"
        • export CREDHUB_CLIENT="${BOSH_CLIENT}"
        • export CREDHUB_SECRET="${BOSH_CLIENT_SECRET}"
        • export CREDHUB_CA_CERT="${BOSH_CA_CERT}"
      • Then call CredHub API to show all certificates:

        • credhub curl -p "/api/v1/certificates" -X GET | jq .

      • To create and apply the appropriate credentials, follow steps 4-8 in the following document: Generate and Add a CA Certificate
      • Click Review Pending Changes in Ops Manager
      • Enable the checkboxes for tiles
      • Click Apply Changes
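Before starting a rotation it helps to know which of the certificates returned by the `credhub curl -p "/api/v1/certificates"` call above are close to expiry, and which CAs must be rotated before the leaf certificates they sign. The script below is an added example, not part of this wiki or the CredHub project: it parses a constructed response shaped like the CredHub certificates endpoint (field names per the CredHub API docs, values made up), skips transitional versions, and lists expiring CAs first with the names they sign.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the CredHub GET /api/v1/certificates response
# (field names follow the CredHub API docs; ids, names and dates are made up).
SAMPLE_RESPONSE = json.dumps({"certificates": [
    {"id": "11111111-1111-1111-1111-111111111111",
     "name": "/example-env/example-ca", "signed_by": "",
     "signs": ["/example-env/example-server"],
     "versions": [
         {"id": "a1", "expiry_date": "2024-01-15T00:00:00Z", "transitional": False,
          "certificate_authority": True, "self_signed": True, "generated": True}]},
    {"id": "22222222-2222-2222-2222-222222222222",
     "name": "/example-env/example-server", "signed_by": "/example-env/example-ca",
     "signs": [],
     "versions": [
         {"id": "b1", "expiry_date": "2025-06-01T00:00:00Z", "transitional": False,
          "certificate_authority": False, "self_signed": False, "generated": True}]},
]})

# Constructed "as of" date so the sample gives repeatable results.
AS_OF = datetime(2024, 1, 1, tzinfo=timezone.utc)


def expiring_certificates(response_json, now, within_days=30):
    """Return one (name, kind, days_left, signs) tuple per active certificate
    version that expires within `within_days` of `now`.  CAs come first, then
    leaves, each group soonest-expiring first, because a CA has to be rotated
    (and its dependents re-signed) before the leaf certificates it signs."""
    data = json.loads(response_json)
    cutoff = now + timedelta(days=within_days)
    hits = []
    for cert in data.get("certificates", []):
        for ver in cert.get("versions", []):
            if ver.get("transitional"):
                continue  # the new CA being rotated in; not itself a rotation candidate
            expiry = datetime.strptime(ver["expiry_date"], "%Y-%m-%dT%H:%M:%SZ")
            expiry = expiry.replace(tzinfo=timezone.utc)
            if expiry <= cutoff:
                kind = "CA" if ver.get("certificate_authority") else "leaf"
                hits.append((cert["name"], kind, (expiry - now).days, list(cert.get("signs", []))))
    return sorted(hits, key=lambda h: (h[1] != "CA", h[2]))


if __name__ == "__main__":
    # Real use: credhub curl -p "/api/v1/certificates" -X GET > certs.json, then pass
    # that file's contents instead of SAMPLE_RESPONSE and datetime.now(timezone.utc) as `now`.
    for name, kind, days, signs in expiring_certificates(SAMPLE_RESPONSE, AS_OF, 90):
        print(f"{kind:<4} {name} expires in {days} days; re-sign after rotation: {signs or '-'}")
```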