changing-tls-certificates.md
No OneTemporary
Actions

Authored By

Unknown

Size

8 KB

Referenced Files

None

Subscribers

None

changing-tls-certificates.md
View Options

	# Changing the TLS certificate

	The used TLS certificate is managed in `values.yaml`, and are applied via `kolabctl apply`

	## Let’s Encrypt

	Requirements:

	* Your system must be publicly available (with IP and DNS), because the Let's encrypt service will have to verify domain ownership.
	* Your system must be able to resolve it's own domain name (because of internal checks by cert-manager).

	To make use of automatically renewed let’s encrypt certificates, apply the following configuration:

	```
	certManager:
	letsencryptIssuer:
	enabled: true
	email: "admin@DOMAIN"

	tlsSecret:
	name: kolab-cert-letsencrypt
	type: letsencrypt
	```

	### Troubleshooting

	Please refer to <https://cert-manager.io/docs/troubleshooting/acme/>

	## Manual certificate management

	Adjust the following section in `values.yaml` to include your new certificate.

	```
	tlsSecret:
	name: kolab-cert-static
	type: static
	crt: \|
	TLS_CERT
	key: \|
	TLS_KEY
	ca: \|
	CA_CERT
	```

	Insert your certificate at the TLS_CERT/TLS_KEY/CA_CERT markers as in the following example.

	```
	tlsSecret:
	name: kolab-cert-static
	type: static
	crt: \|
	-----BEGIN CERTIFICATE-----
	MIIFbzCCA1egAwIBAgIUTUa/k0pj14OpfcDhl7bscecMD58wDQYJKoZIhvcNAQEL
	BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yNTAyMTUyMDIwMjRaFw0yNTAz
	MTUyMDIwMjRaMDIxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGzAZBgNVBAMMEnNpbmds
	ZS5rM3Mua2xhYi5jYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnU
	J4Dy9GCzEG/mciw2Kse6O7s7meF4IK+cE9o2fIQAntIziEVTdgJjMgN4zef865py
	0NMjZFOhWc/jjcaFj7v/cdgvNRYaD5BB1L0UQO+U7zokKQj07JCKsEWS3/V52WYC
	gH31hPmAzpFdnYPdPs9je8LAHmNEoAi5iWrdJJEn+W+vFdnRciufzvaMWHRhQrmM
	eg9PJMcP6k9TvuPlN0I5l/jhlUKwD8POxEDNe+sex3Mn/uwcrHvjBbLuS9Xv0AC4
	28jVjjd2gZJirWq+nlKFJJzbRov0+HGiKY+jNybCuxhvnCZ/xUylTuwyIfxZQZYL
	SKsaiiDaZu3gObWHsBRaSDX17DPhFARgigM05sjoRQRKmSh0Now/3MNzqFxcysMo
	D27IXFHZM5z/a+yttIWIbL8yj1iohXAsL8qqhd1dNs5fd7UhQOJs257lhEbEomGA
	o0N29Kp701Mrlw8J/uesd3HKgtTvclHHKtuf0Qd1P1692NUkvEP/AIj0nDb9sekz
	Qx30l/8APhf3cR7y4zb5fUqLI6foeMEHbsx653xsmCI6xYQlMU4F4lAu7j8LkTz8
	i698DwBhBoEAhBpbfAOSH2L9V0rdWh44Nyma6IY5bhbQ+z1NYHQmWzrKaFvQVwqs
	G0HCKGosVp+tiYji3b6lx2QNm3Fxjk30nTzdj3gpAgMBAAGjgZkwgZYwVAYDVR0R
	BE0wS4ISc2luZ2xlLmszcy5rbGFiLmNjghhhZG1pbi5zaW5nbGUuazNzLmtsYWIu
	Y2OCG3NlcnZpY2VzLnNpbmdsZS5rM3Mua2xhYi5jYzAdBgNVHQ4EFgQUVGhCdr/L
	qAYSysFBHHX4YLswymQwHwYDVR0jBBgwFoAUBC6mMItXqAZuXWiHsb6Q4RpjCqww
	DQYJKoZIhvcNAQELBQADggIBAJIyvkQKBc2w/mXIBGknuTIbvVK5VKMhH/cZQ++f
	VxIhJ+f5mIWkHLt19WM3/ZHjRBDldU9mNUFHsgT/d6Vdn4RIIb2+Jg3pmGfGq5fW
	+WwSG8LWfeJvXHvznjxbSsTKlvIa5kAx8ZKrgkh+U9h7DgkC9oFgyDdA46qdmlUj
	xzmXsX5XKS/vuGJzzPISPjD0QnR7wZswod1u9iYfwFESRWJ2QNKCzld472S4MShe
	m3x7vEQHvvReCFS1C6WVEwJX98kTTzx/IlVxkfOR/0AE2n0ot+LLLiUYmv4FMt76
	VerPIedTlGoTZ1egxkdgq0q6Igr3sZO5E/2hLPBWJIz8RB1qnX28EDJB1mkzgCnU
	8xOslFP3CRrKGp+mBnt7urF1fiH5841sakQGSj51Lg5pvKa1ccpL9yJ92WxuzHlY
	SiCpZE1XqjKtcsqrJuEcf36sIuH7VIw/My8x6zv1Fq75RA0g7yV53ENQY4Fhv7tH
	/reuoeXMKvltPWc3bi+icRllFdO30HOiHzAqr5Sp/9P+x0nrydFYydgmgA9AioEY
	/dZpmNp2YSHoCGAzHTcdMrmCo/3BXrlzLlWxCtPV1cTlM3nTNPb0qarPN3JUYs5E
	+ZEyVAYWzRCFevCSeQBA5+iYvqkeNP+WimVEP6L2qUmc5kQqziGdDMJfBEupu6oZ
	biFf
	-----END CERTIFICATE-----
	key: \|
	-----BEGIN PRIVATE KEY-----
	MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC51CeA8vRgsxBv
	5nIsNirHuju7O5nheCCvnBPaNnyEAJ7SM4hFU3YCYzIDeM3n/OuactDTI2RToVnP
	443GhY+7/3HYLzUWGg+QQdS9FEDvlO86JCkI9OyQirBFkt/1edlmAoB99YT5gM6R
	XZ2D3T7PY3vCwB5jRKAIuYlq3SSRJ/lvrxXZ0XIrn872jFh0YUK5jHoPTyTHD+pP
	U77j5TdCOZf44ZVCsA/DzsRAzXvrHsdzJ/7sHKx74wWy7kvV79AAuNvI1Y43doGS
	Yq1qvp5ShSSc20aL9PhxoimPozcmwrsYb5wmf8VMpU7sMiH8WUGWC0irGoog2mbt
	4Dm1h7AUWkg19ewz4RQEYIoDNObI6EUESpkodDaMP9zDc6hcXMrDKA9uyFxR2TOc
	/2vsrbSFiGy/Mo9YqIVwLC/KqoXdXTbOX3e1IUDibNue5YRGxKJhgKNDdvSqe9NT
	K5cPCf7nrHdxyoLU73JRxyrbn9EHdT9evdjVJLxD/wCI9Jw2/bHpM0Md9Jf/AD4X
	93Ee8uM2+X1KiyOn6HjBB27Meud8bJgiOsWEJTFOBeJQLu4/C5E8/IuvfA8AYQaB
	AIQaW3wDkh9i/VdK3VoeODcpmuiGOW4W0Ps9TWB0Jls6ymhb0FcKrBtBwihqLFaf
	rYmI4t2+pcdkDZtxcY5N9J083Y94KQIDAQABAoICAFheH+79GeMGI/HilzaZB5z0
	3cS6ogGLO5fm07X4JRwso1n4MXwuJTcbbsQh5WDFcFCA+vb8pI/0cZ4fauMVznUr
	Ezsnr8nz2KTT+VN01zBXFbADVBQzTG+r1AkxwBieuhf9Zpb/cx2m+BQ+fVIgmubK
	OycwbwLrtmKPwF42DVaNuNs4Wl67b9x44VVzBflJ6w4LVFwFWcrjsZvJikQbUzzF
	4JP0yiLtUIHfyIm8bYowl84WHe6v8AH1wlcFZMC2iqZdQf7uNvP/AbzX+fmB7g31
	zKRezdxuQNrgr3zjs61V+tyy7oGMTwmUrsQ5TtoOo9azRPpA46Cd20aRU0AU51Dl
	YRjK09hNRCa7Y4m/FbowABZjTH/VFqKO1Jmemjz3kVdKZrjZuVArtB92CWe+7vCq
	9ZGztZV3lreZQ2AJI5HUk7GO6fOay9KTGG5kChPF4sdiSoujnIgeTUnxZRd3H1Th
	ahKSAWYQUgpgsuqrqVnViKVW7c2b4oY1B70XN8v3y8itFTMycu+B91ulBCBT7kEc
	pXCAc73vjUSpPCsmD6cso1lqL9DVeAyAwQ9GIF2DEvIXLrJFNx5J9Keocxgat3Pi
	MVPQslNl50nMrbtWFqRQWQWlUj41se59hFyYwcXRH/Tcy3JJ+WPaahlImY11QaVC
	9beW1j0dLZ5Pq232srX1AoIBAQD2kx2UZYCPLz1oAmQF8hNkD0mhGMu8O2Vb1cU2
	qBmEXiU+wKt8Hg6MqpVzcdNQ52hwnvjweNgi07Xady2szPG/ylYFZvrZjUGZONKs
	3OVoDt7xaGp5pS10nqPrqYi31sZeFoxT1PGrAE8lGgFsHr9s8eVjf7/x43dTiMOZ
	YBLXFbWvbxuXQI8AAhiCz+A0JZ+4eiXA8RHFUQ9vk+zsNUHIpPsoD1KApjzCKl3G
	xQj8kd8NSTuipF/Io2/sO5nk1wcGxExhkaWFH7hefiG+5rixgAE0dUASsN9/dp9R
	oCmwQ3PxCDm3gCJtLvJCIBFpFsd2NOlEX2KLX/b+58E1xeebAoIBAQDA7po5x6qp
	O6kMvB5aTquYg3M4A1KHLxxMcl4IRB+TGdV3kl+BnmE5QxMk5XEY3OvbZtwW74Pr
	65RzhfxdFf03kdxXC+bNzBy1N9npJs2A9hJZ2oj2zaeavYJFRFGO9gOt2qySBmnF
	dX7ipx1CU3NwHqlaUnlb0aTf/aW09gv0Z/h2kCG/DNGaw4E/Uha/vOq6msuyrY1Q
	DY/pBbU6HWABTTCKMhUcq7Yi33t4Seg/rAXZ5VS+BtXZJjnrisdfCClbRG7fFEfv
	/Z05QFAGHSt0MC1U5S5LRPtLb4s02KtHjF1IHLDXyd7AqJqgrNUBejCoF9wQYWSO
	DTDXxynOgRWLAoIBAQDWvMqO+VLb4AU3dpWLhAYVJyc1cDXGaWfdca996SnH2IHR
	Q9RUlIyRPuJHFwM0u0N+iUQ9kNCSjBQc/Zu+mQGUyO7fZ47hNh7CBPWc7Aex9vl7
	/jZ0WEDdBme1jgDuMdKyECsHuzT4ep1yr1I7yg9mHshqPdB5JWM/UaUfBseBn3uK
	HFZIBEZFeI3GJqmYYIfYDjCg9pFGaVDrGEXGdJ8k0WGVwrpUJfJWGrVurRwlchhy
	JqwT+dkdEBEiB8n/vLB22S+37TLcXAKh8HENIzwIAXWLLO2vGXCbPkCDwttrkWMA
	r+wr/iB9O9xpcCoZfmgZbv0TuYpF3T5rQoRGg2MvAoIBAFP7iUb9k1x3i+7vNIc7
	F5ccIVuQlqwh5b+hSS1v+g6egD28ibZyqv+yIvM8rS6VfFXVQJj7SgG4Wrau7FvY
	5pD5/WAm3iFXaGe6GDFVor8wXmyepGBKxVqmg76DLr18eb2EIvqtr/00WDdxZ1sn
	2GhF8JJQtGMzrwGR+D/9mtaZK57wvr/bZKJp2CkoIp70LXltSJ5OzeS7Apn80haq
	EtB+OVLu2iHQ3Ufw4F5MTbzptOJU4b6WWyBbc3sEviSv+NCxyVFyEp51V6tEQ5Fl
	wTSihBkgajZ5oKoFtCMc7fIHN9PcKV7FkSFsQ2MN2Or7tZJ2UGURACSVuV00ZQ5v
	QmECggEAY0YwIlERLVTNw8FRD50kTSsvTpOwP2/8lv6EBo4FC1lvg/BXBuIT60r0
	ogayNC5IYeYakrrwj/AjjU1EtZglPPQx3YorIIhRlCY5n4LoRD0Odoa9v1IPG63e
	sy8c+p7kjL/5TjG0N36z7c0d3B+KZDVPe0JUwxDfSRizz1piJP8fcD2GnbWXo97a
	PVWgIqIfBuIboTaaGrUkziwFGKkfWzdBNjZfYnxKomjKhPU1BIcQND/eceObpnVi
	Zf1/cDLR9hcDLI1gUM7Z49izJJbkNidR3WYb7nqMCH3I5BBFDrWNIBazWyOb+0jm
	wlmPDN4IkYP0eUozzZAooIXvapswXA==
	-----END PRIVATE KEY-----
	ca: \|
	-----BEGIN CERTIFICATE-----
	MIIFJzCCAw+gAwIBAgIUERebT8qBtwp8no2WftxWsX1SPlgwDQYJKoZIhvcNAQEL
	BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yNTAyMTUxNTI2MTdaFw0zNTAy
	MTMxNTI2MTdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB
	AQUAA4ICDwAwggIKAoICAQD6cFxGbaLwAnTpCer3W+myZt9GdWJd5Hf1jmk1+hfE
	WTs2QOrNs/vBH4mn6Cl2g5frnQ6F8OY5r+ndRhf+vuex9EwJJRN9CIe5ECVjHMki
	bc3bao01ZzMSQrM13fjcK4ZhF1KAvs5W4MSG6C0hUg593G6hrJAxSdKJypj9C/WI
	217sfJP/bfQ69Ek8zpFi3zuOMb2hfne34/Au42XDQu1/yRogl09cyVNdy1gEbWSV
	RMde4cezCd2cSKrMLFB53JYql5RU1YT7vFAxSQ28z0S9Hb3qZe1IZaAimaM8sc09
	KHXzu35X5Dj3Jd17b88wwq5OhVb4DTuauClKHkXGiQtuJYOTUP6L0kBhGOPhBeWD
	uJcpfD60cmeFLT+WVtDn+amls/8KX+kZmMK+aU7bF1Rn1ues4dq0+QK9mRxZXvpn
	pIRlDb7M/cKC0Z2WFffO+BbxKNLJiFknxblsUlbcEHHs2cE8UcbmTsWUrtN0ZNo9
	hg8Y9IrwGkwvcPHJDSOiAqhffYyVJghfEDT9YP48BUpiNGyh3OGWbbKhnp3tdoqE
	+qsOKj5wLef7jt5w9amyjZ5m4ND5EJExXNn9N9/iue7rWipIEarNVCovvAAobhzo
	qdghcRJHHCg15T+Okv8sLn0NBODjpp7gEeCvXCDkWRILv68QlX8r4GYUfSmtfptT
	AQIDAQABo28wbTAdBgNVHQ4EFgQUBC6mMItXqAZuXWiHsb6Q4RpjCqwwHwYDVR0j
	BBgwFoAUBC6mMItXqAZuXWiHsb6Q4RpjCqwwDwYDVR0TAQH/BAUwAwEB/zAaBglg
	hkgBhvhCAQ0EDRYLU2VsZiBTaWduZWQwDQYJKoZIhvcNAQELBQADggIBAIUIAUJn
	AUJFkhP8P0Vbc9BjLMnhrwpA2Z5TzmepxlB30ug/mVrnwuNKiH8oENGeA9qI4BPp
	L11nudtTzeL1hWZ3YWEj2VvfVRwvNUaoVq35cgjdnNL0PW5k16nSGX+mTa8eB/ge
	yW3JYNn/kCJ+A0joCV29L4uwnqc9GsiuujRT9XiK/Kia4Cul6ECxpXJQ2jFxpo3e
	ivMXUBYVM0fDqHFZdc13/Aw/cY2nUJta58A+5LHahnGQF87UoJ66TErDlV/Z3gIv
	QJqjQNt5RFFHjRALyCWFOCqmb4TRaARLU4HZRtP6CJT6cbpIlMOHxFYshlEV2/dj
	UjiljT8V36Uj7Gf7vctok7TIZm4HfqAkU9dIEJv6KsDCjNFfDoLQhtKq7mXevtxB
	qGWHzI+B0qRsZrA5A0wqOe1YrVFFTX67g9WXx2MEfjzns920VFWiVH81CIF7jhjt
	QDZzDwOTJXoGtVn8xNwg2VDfj+VQ1PesEwV5zLEn7mhKsJ92sHvfEviqXA8aXiB5
	ccnRQXfOUb3veimEHtmq0amn5iW4mKka4wRQHDgVAUcaVNpjqve09soMAKt86/sQ
	n4j3QRdARNHcT2213/4QOrbw9gco/nYba/Puq7xAS7F2ev3UPiekzpt86XgTB4JY
	wn/sm9eBgQ0YVK0sAQyJQtmO19tNY6lCNum+
	-----END CERTIFICATE-----
	```

	After the certificate has been refreshed, it is necessary to restart pods that
	mount the certificate like so:

	```
	kubectl rollout restart deployment/proxy -n kolab
	```

	## Self-signed certificate

	`kolabctl` will generate a self-signed certificate for test deployments, if no other certificate is configured.

	To refresh the self-signed certificate:

	```
	kolabctl refresh_cert
	```

File Metadata

Mime Type: text/plain
Expires: Sat, Apr 4, 1:36 AM (2 w, 3 d ago)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: 73/57/46b7f2063787e526d48a708626b4
Default Alt Text: changing-tls-certificates.md (8 KB)

changing-tls-certificates.mdNo OneTemporaryActions

changing-tls-certificates.mdView Options

File Metadata

Event Timeline

changing-tls-certificates.md
No OneTemporary
Actions

changing-tls-certificates.md
View Options