Manual TLS Certificates

  • Canonical Telco
Channel Revision Published Runs on
latest/stable 108 04 Jul 2024
Ubuntu 22.04
latest/candidate 108 04 Jul 2024
Ubuntu 22.04
latest/beta 108 04 Jul 2024
Ubuntu 22.04
latest/edge 129 22 Oct 2024
Ubuntu 22.04
latest/edge 128 22 Oct 2024
Ubuntu 22.04
juju deploy manual-tls-certificates --channel candidate
Show information

Platform:

Ubuntu
22.04

Provide Certificates

1. Deploy Manual TLS Certificates

juju deploy manual-tls-certificates

Relate it to the charm requiring TLS Certificates:

juju relate manual-tls-certificates <your-charm>

2. Retrieve the certificate signing request

Retrieve all certificate signing requests that don’t have certificates already provided:

juju run manual-tls-certificates/leader get-outstanding-certificate-requests

For the specific relation ID associated to your charm, retrieve the certificate signing request:

juju run manual-tls-certificates/leader get-certificate-request relation-id=<id>

The output of this action is the certificate signing request, use it to obtain a signed TLS Certificate.

3. Provide the certificate

Once you have the certificate signed, provide it to the requiring charm using this action:

juju run manual-tls-certificates/leader provide-certificate \
  relation-id=<id> \
  certificate="$(base64 -w0 certificate.pem)" \
  ca-chain="$(base64 -w0 ca_chain.pem)" \
  ca-certificate="$(base64 -w0 ca_certificate.pem)" \
  certificate-signing-request="$(base64 -w0 csr.pem)" \
  unit-name="<unit-name>"

At this point the certificate is available for the requirer unit which requested it.


Help improve this document in the forum (guidelines). Last updated 10 months ago.