Page MenuHomePhorge
Files F117751692

No OneTemporary
Actions

Authored By
Unknown
Size
9 KB
Referenced Files
None
Subscribers
None

View Options

diff --git a/docs/docs/administration/changing-tls-certificates.md b/docs/docs/administration/changing-tls-certificates.md
index 5c104f9..54a2900 100644
--- a/docs/docs/administration/changing-tls-certificates.md
+++ b/docs/docs/administration/changing-tls-certificates.md
@@ -1,169 +1,185 @@
# Changing the TLS certificate
The used TLS certificate is managed in `values.yaml`, and are applied via `kolabctl apply`
## Let’s Encrypt
Requirements:
* Your system must be publicly available (with IP and DNS), because the Let's encrypt service will have to verify domain ownership.
* Your system must be able to resolve it's own domain name (because of internal checks by cert-manager).
To make use of automatically renewed let’s encrypt certificates, apply the following configuration:
```
certManager:
letsencryptIssuer:
enabled: true
email: "admin@DOMAIN"
tlsSecret:
name: kolab-cert-letsencrypt
type: letsencrypt
```
### Troubleshooting
Please refer to <https://cert-manager.io/docs/troubleshooting/acme/>
## Manual certificate management
Adjust the following section in `values.yaml` to include your new certificate.
```
tlsSecret:
name: kolab-cert-static
type: static
crt: |
TLS_CERT
key: |
TLS_KEY
ca: |
CA_CERT
```
Insert your certificate at the TLS_CERT/TLS_KEY/CA_CERT markers as in the following example.
```
tlsSecret:
name: kolab-cert-static
type: static
crt: |
-----BEGIN CERTIFICATE-----
MIIFbzCCA1egAwIBAgIUTUa/k0pj14OpfcDhl7bscecMD58wDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yNTAyMTUyMDIwMjRaFw0yNTAz
MTUyMDIwMjRaMDIxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGzAZBgNVBAMMEnNpbmds
ZS5rM3Mua2xhYi5jYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnU
J4Dy9GCzEG/mciw2Kse6O7s7meF4IK+cE9o2fIQAntIziEVTdgJjMgN4zef865py
0NMjZFOhWc/jjcaFj7v/cdgvNRYaD5BB1L0UQO+U7zokKQj07JCKsEWS3/V52WYC
gH31hPmAzpFdnYPdPs9je8LAHmNEoAi5iWrdJJEn+W+vFdnRciufzvaMWHRhQrmM
eg9PJMcP6k9TvuPlN0I5l/jhlUKwD8POxEDNe+sex3Mn/uwcrHvjBbLuS9Xv0AC4
28jVjjd2gZJirWq+nlKFJJzbRov0+HGiKY+jNybCuxhvnCZ/xUylTuwyIfxZQZYL
SKsaiiDaZu3gObWHsBRaSDX17DPhFARgigM05sjoRQRKmSh0Now/3MNzqFxcysMo
D27IXFHZM5z/a+yttIWIbL8yj1iohXAsL8qqhd1dNs5fd7UhQOJs257lhEbEomGA
o0N29Kp701Mrlw8J/uesd3HKgtTvclHHKtuf0Qd1P1692NUkvEP/AIj0nDb9sekz
Qx30l/8APhf3cR7y4zb5fUqLI6foeMEHbsx653xsmCI6xYQlMU4F4lAu7j8LkTz8
i698DwBhBoEAhBpbfAOSH2L9V0rdWh44Nyma6IY5bhbQ+z1NYHQmWzrKaFvQVwqs
G0HCKGosVp+tiYji3b6lx2QNm3Fxjk30nTzdj3gpAgMBAAGjgZkwgZYwVAYDVR0R
BE0wS4ISc2luZ2xlLmszcy5rbGFiLmNjghhhZG1pbi5zaW5nbGUuazNzLmtsYWIu
Y2OCG3NlcnZpY2VzLnNpbmdsZS5rM3Mua2xhYi5jYzAdBgNVHQ4EFgQUVGhCdr/L
qAYSysFBHHX4YLswymQwHwYDVR0jBBgwFoAUBC6mMItXqAZuXWiHsb6Q4RpjCqww
DQYJKoZIhvcNAQELBQADggIBAJIyvkQKBc2w/mXIBGknuTIbvVK5VKMhH/cZQ++f
VxIhJ+f5mIWkHLt19WM3/ZHjRBDldU9mNUFHsgT/d6Vdn4RIIb2+Jg3pmGfGq5fW
+WwSG8LWfeJvXHvznjxbSsTKlvIa5kAx8ZKrgkh+U9h7DgkC9oFgyDdA46qdmlUj
xzmXsX5XKS/vuGJzzPISPjD0QnR7wZswod1u9iYfwFESRWJ2QNKCzld472S4MShe
m3x7vEQHvvReCFS1C6WVEwJX98kTTzx/IlVxkfOR/0AE2n0ot+LLLiUYmv4FMt76
VerPIedTlGoTZ1egxkdgq0q6Igr3sZO5E/2hLPBWJIz8RB1qnX28EDJB1mkzgCnU
8xOslFP3CRrKGp+mBnt7urF1fiH5841sakQGSj51Lg5pvKa1ccpL9yJ92WxuzHlY
SiCpZE1XqjKtcsqrJuEcf36sIuH7VIw/My8x6zv1Fq75RA0g7yV53ENQY4Fhv7tH
/reuoeXMKvltPWc3bi+icRllFdO30HOiHzAqr5Sp/9P+x0nrydFYydgmgA9AioEY
/dZpmNp2YSHoCGAzHTcdMrmCo/3BXrlzLlWxCtPV1cTlM3nTNPb0qarPN3JUYs5E
+ZEyVAYWzRCFevCSeQBA5+iYvqkeNP+WimVEP6L2qUmc5kQqziGdDMJfBEupu6oZ
biFf
-----END CERTIFICATE-----
key: |
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC51CeA8vRgsxBv
5nIsNirHuju7O5nheCCvnBPaNnyEAJ7SM4hFU3YCYzIDeM3n/OuactDTI2RToVnP
443GhY+7/3HYLzUWGg+QQdS9FEDvlO86JCkI9OyQirBFkt/1edlmAoB99YT5gM6R
XZ2D3T7PY3vCwB5jRKAIuYlq3SSRJ/lvrxXZ0XIrn872jFh0YUK5jHoPTyTHD+pP
U77j5TdCOZf44ZVCsA/DzsRAzXvrHsdzJ/7sHKx74wWy7kvV79AAuNvI1Y43doGS
Yq1qvp5ShSSc20aL9PhxoimPozcmwrsYb5wmf8VMpU7sMiH8WUGWC0irGoog2mbt
4Dm1h7AUWkg19ewz4RQEYIoDNObI6EUESpkodDaMP9zDc6hcXMrDKA9uyFxR2TOc
/2vsrbSFiGy/Mo9YqIVwLC/KqoXdXTbOX3e1IUDibNue5YRGxKJhgKNDdvSqe9NT
K5cPCf7nrHdxyoLU73JRxyrbn9EHdT9evdjVJLxD/wCI9Jw2/bHpM0Md9Jf/AD4X
93Ee8uM2+X1KiyOn6HjBB27Meud8bJgiOsWEJTFOBeJQLu4/C5E8/IuvfA8AYQaB
AIQaW3wDkh9i/VdK3VoeODcpmuiGOW4W0Ps9TWB0Jls6ymhb0FcKrBtBwihqLFaf
rYmI4t2+pcdkDZtxcY5N9J083Y94KQIDAQABAoICAFheH+79GeMGI/HilzaZB5z0
3cS6ogGLO5fm07X4JRwso1n4MXwuJTcbbsQh5WDFcFCA+vb8pI/0cZ4fauMVznUr
Ezsnr8nz2KTT+VN01zBXFbADVBQzTG+r1AkxwBieuhf9Zpb/cx2m+BQ+fVIgmubK
OycwbwLrtmKPwF42DVaNuNs4Wl67b9x44VVzBflJ6w4LVFwFWcrjsZvJikQbUzzF
4JP0yiLtUIHfyIm8bYowl84WHe6v8AH1wlcFZMC2iqZdQf7uNvP/AbzX+fmB7g31
zKRezdxuQNrgr3zjs61V+tyy7oGMTwmUrsQ5TtoOo9azRPpA46Cd20aRU0AU51Dl
YRjK09hNRCa7Y4m/FbowABZjTH/VFqKO1Jmemjz3kVdKZrjZuVArtB92CWe+7vCq
9ZGztZV3lreZQ2AJI5HUk7GO6fOay9KTGG5kChPF4sdiSoujnIgeTUnxZRd3H1Th
ahKSAWYQUgpgsuqrqVnViKVW7c2b4oY1B70XN8v3y8itFTMycu+B91ulBCBT7kEc
pXCAc73vjUSpPCsmD6cso1lqL9DVeAyAwQ9GIF2DEvIXLrJFNx5J9Keocxgat3Pi
MVPQslNl50nMrbtWFqRQWQWlUj41se59hFyYwcXRH/Tcy3JJ+WPaahlImY11QaVC
9beW1j0dLZ5Pq232srX1AoIBAQD2kx2UZYCPLz1oAmQF8hNkD0mhGMu8O2Vb1cU2
qBmEXiU+wKt8Hg6MqpVzcdNQ52hwnvjweNgi07Xady2szPG/ylYFZvrZjUGZONKs
3OVoDt7xaGp5pS10nqPrqYi31sZeFoxT1PGrAE8lGgFsHr9s8eVjf7/x43dTiMOZ
YBLXFbWvbxuXQI8AAhiCz+A0JZ+4eiXA8RHFUQ9vk+zsNUHIpPsoD1KApjzCKl3G
xQj8kd8NSTuipF/Io2/sO5nk1wcGxExhkaWFH7hefiG+5rixgAE0dUASsN9/dp9R
oCmwQ3PxCDm3gCJtLvJCIBFpFsd2NOlEX2KLX/b+58E1xeebAoIBAQDA7po5x6qp
O6kMvB5aTquYg3M4A1KHLxxMcl4IRB+TGdV3kl+BnmE5QxMk5XEY3OvbZtwW74Pr
65RzhfxdFf03kdxXC+bNzBy1N9npJs2A9hJZ2oj2zaeavYJFRFGO9gOt2qySBmnF
dX7ipx1CU3NwHqlaUnlb0aTf/aW09gv0Z/h2kCG/DNGaw4E/Uha/vOq6msuyrY1Q
DY/pBbU6HWABTTCKMhUcq7Yi33t4Seg/rAXZ5VS+BtXZJjnrisdfCClbRG7fFEfv
/Z05QFAGHSt0MC1U5S5LRPtLb4s02KtHjF1IHLDXyd7AqJqgrNUBejCoF9wQYWSO
DTDXxynOgRWLAoIBAQDWvMqO+VLb4AU3dpWLhAYVJyc1cDXGaWfdca996SnH2IHR
Q9RUlIyRPuJHFwM0u0N+iUQ9kNCSjBQc/Zu+mQGUyO7fZ47hNh7CBPWc7Aex9vl7
/jZ0WEDdBme1jgDuMdKyECsHuzT4ep1yr1I7yg9mHshqPdB5JWM/UaUfBseBn3uK
HFZIBEZFeI3GJqmYYIfYDjCg9pFGaVDrGEXGdJ8k0WGVwrpUJfJWGrVurRwlchhy
JqwT+dkdEBEiB8n/vLB22S+37TLcXAKh8HENIzwIAXWLLO2vGXCbPkCDwttrkWMA
r+wr/iB9O9xpcCoZfmgZbv0TuYpF3T5rQoRGg2MvAoIBAFP7iUb9k1x3i+7vNIc7
F5ccIVuQlqwh5b+hSS1v+g6egD28ibZyqv+yIvM8rS6VfFXVQJj7SgG4Wrau7FvY
5pD5/WAm3iFXaGe6GDFVor8wXmyepGBKxVqmg76DLr18eb2EIvqtr/00WDdxZ1sn
2GhF8JJQtGMzrwGR+D/9mtaZK57wvr/bZKJp2CkoIp70LXltSJ5OzeS7Apn80haq
EtB+OVLu2iHQ3Ufw4F5MTbzptOJU4b6WWyBbc3sEviSv+NCxyVFyEp51V6tEQ5Fl
wTSihBkgajZ5oKoFtCMc7fIHN9PcKV7FkSFsQ2MN2Or7tZJ2UGURACSVuV00ZQ5v
QmECggEAY0YwIlERLVTNw8FRD50kTSsvTpOwP2/8lv6EBo4FC1lvg/BXBuIT60r0
ogayNC5IYeYakrrwj/AjjU1EtZglPPQx3YorIIhRlCY5n4LoRD0Odoa9v1IPG63e
sy8c+p7kjL/5TjG0N36z7c0d3B+KZDVPe0JUwxDfSRizz1piJP8fcD2GnbWXo97a
PVWgIqIfBuIboTaaGrUkziwFGKkfWzdBNjZfYnxKomjKhPU1BIcQND/eceObpnVi
Zf1/cDLR9hcDLI1gUM7Z49izJJbkNidR3WYb7nqMCH3I5BBFDrWNIBazWyOb+0jm
wlmPDN4IkYP0eUozzZAooIXvapswXA==
-----END PRIVATE KEY-----
ca: |
-----BEGIN CERTIFICATE-----
MIIFJzCCAw+gAwIBAgIUERebT8qBtwp8no2WftxWsX1SPlgwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yNTAyMTUxNTI2MTdaFw0zNTAy
MTMxNTI2MTdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQD6cFxGbaLwAnTpCer3W+myZt9GdWJd5Hf1jmk1+hfE
WTs2QOrNs/vBH4mn6Cl2g5frnQ6F8OY5r+ndRhf+vuex9EwJJRN9CIe5ECVjHMki
bc3bao01ZzMSQrM13fjcK4ZhF1KAvs5W4MSG6C0hUg593G6hrJAxSdKJypj9C/WI
217sfJP/bfQ69Ek8zpFi3zuOMb2hfne34/Au42XDQu1/yRogl09cyVNdy1gEbWSV
RMde4cezCd2cSKrMLFB53JYql5RU1YT7vFAxSQ28z0S9Hb3qZe1IZaAimaM8sc09
KHXzu35X5Dj3Jd17b88wwq5OhVb4DTuauClKHkXGiQtuJYOTUP6L0kBhGOPhBeWD
uJcpfD60cmeFLT+WVtDn+amls/8KX+kZmMK+aU7bF1Rn1ues4dq0+QK9mRxZXvpn
pIRlDb7M/cKC0Z2WFffO+BbxKNLJiFknxblsUlbcEHHs2cE8UcbmTsWUrtN0ZNo9
hg8Y9IrwGkwvcPHJDSOiAqhffYyVJghfEDT9YP48BUpiNGyh3OGWbbKhnp3tdoqE
+qsOKj5wLef7jt5w9amyjZ5m4ND5EJExXNn9N9/iue7rWipIEarNVCovvAAobhzo
qdghcRJHHCg15T+Okv8sLn0NBODjpp7gEeCvXCDkWRILv68QlX8r4GYUfSmtfptT
AQIDAQABo28wbTAdBgNVHQ4EFgQUBC6mMItXqAZuXWiHsb6Q4RpjCqwwHwYDVR0j
BBgwFoAUBC6mMItXqAZuXWiHsb6Q4RpjCqwwDwYDVR0TAQH/BAUwAwEB/zAaBglg
hkgBhvhCAQ0EDRYLU2VsZiBTaWduZWQwDQYJKoZIhvcNAQELBQADggIBAIUIAUJn
AUJFkhP8P0Vbc9BjLMnhrwpA2Z5TzmepxlB30ug/mVrnwuNKiH8oENGeA9qI4BPp
L11nudtTzeL1hWZ3YWEj2VvfVRwvNUaoVq35cgjdnNL0PW5k16nSGX+mTa8eB/ge
yW3JYNn/kCJ+A0joCV29L4uwnqc9GsiuujRT9XiK/Kia4Cul6ECxpXJQ2jFxpo3e
ivMXUBYVM0fDqHFZdc13/Aw/cY2nUJta58A+5LHahnGQF87UoJ66TErDlV/Z3gIv
QJqjQNt5RFFHjRALyCWFOCqmb4TRaARLU4HZRtP6CJT6cbpIlMOHxFYshlEV2/dj
UjiljT8V36Uj7Gf7vctok7TIZm4HfqAkU9dIEJv6KsDCjNFfDoLQhtKq7mXevtxB
qGWHzI+B0qRsZrA5A0wqOe1YrVFFTX67g9WXx2MEfjzns920VFWiVH81CIF7jhjt
QDZzDwOTJXoGtVn8xNwg2VDfj+VQ1PesEwV5zLEn7mhKsJ92sHvfEviqXA8aXiB5
ccnRQXfOUb3veimEHtmq0amn5iW4mKka4wRQHDgVAUcaVNpjqve09soMAKt86/sQ
n4j3QRdARNHcT2213/4QOrbw9gco/nYba/Puq7xAS7F2ev3UPiekzpt86XgTB4JY
wn/sm9eBgQ0YVK0sAQyJQtmO19tNY6lCNum+
-----END CERTIFICATE-----
```
+After the certificate has been refreshed, it is necessary to restart pods that
+mount the certificate like so:
+
+```
+kubectl rollout restart deployment/proxy -n kolab
+```
+
+## Self-signed certificate
+
+`kolabctl` will generate a self-signed certificate for test deployments, if no other certificate is configured.
+
+To refresh the self-signed certificate:
+
+```
+kolabctl refresh_cert
+```

File Metadata

Mime Type
text/x-diff
Expires
Sat, Apr 4, 3:22 AM (1 d, 11 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18822388
Default Alt Text
(9 KB)

Event Timeline