Self Signed X.509 Certificates
- By Canonical Telco
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 72 | 31 Jan 2024 | |
| latest/candidate | 109 | 06 Mar 2024 | |
| latest/beta | 109 | 06 Mar 2024 | |
| latest/edge | 140 | 06 May 2024 |
juju deploy self-signed-certificates --channel candidate
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
22.04
Getting started
In this tutorial, we will use the Self Signed Certificates charm to provide certificates to a requiring charm using the TLS Certificates Requirer Operator as our TLS certificates requirer.
1. Install pre-requisites
Install MicroK8s:
sudo snap install microk8s
Enable the hostpath-storage MicroK8s add-on:
microk8s enable hostpath-storage
Install Juju:
sudo snap install juju
2. Bootstrap a Juju controller
Bootstrap a Juju controller:
juju bootstrap microk8s
Create a Juju model:
juju add-model demo
3. Deploy Self Signed Certificates
juju deploy self-signed-certificates
4. Deploy tls-certificates-requirer
juju deploy tls-certificates-requirer --channel=edge
5. Integrate the two charms
Integrate the charms with their tls-certificates interface:
juju integrate self-signed-certificates tls-certificates-requirer
Wait for both charms to be in the active/idle status.
ubuntu@server:~$ juju status
Model Controller Cloud/Region Version SLA Timestamp
demo microk8s-localhost microk8s/localhost 3.1.7 unsupported 08:41:14-05:00
App Version Status Scale Charm Channel Rev Address Exposed Message
self-signed-certificates active 1 self-signed-certificates stable 57 10.152.183.96 no
tls-certificates-requirer active 1 tls-certificates-requirer edge 28 10.152.183.45 no Certificate is available
Unit Workload Agent Address Ports Message
self-signed-certificates/0* active idle 10.1.182.39
tls-certificates-requirer/0* active idle 10.1.182.21 Certificate is available
6. Retrieve the TLS Certificates
Use the TLS Certificates Requirer’s get-certificate action to retrieve the certificate it received from Self Signed Certificates:
juju run tls-certificates-requirer/0 get-certificate
You should expect this output (with different certificates of course):
ubuntu@server:~$ juju run tls-certificates-requirer/0 get-certificate
Running operation 1 with 1 task
- task 2 on unit-tls-certificates-requirer-0
Waiting for task 2...
ca-certificate: |-
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIUbjeqQUknRGtZeNdncwSLHym/rpMwDQYJKoZIhvcNAQEL
BQAwOTELMAkGA1UEBhMCVVMxKjAoBgNVBAMMIXNlbGYtc2lnbmVkLWNlcnRpZmlj
YXRlcy1vcGVyYXRvcjAeFw0yNDAxMjAxMzQwNDFaFw0yNTAxMTkxMzQwNDFaMDkx
CzAJBgNVBAYTAlVTMSowKAYDVQQDDCFzZWxmLXNpZ25lZC1jZXJ0aWZpY2F0ZXMt
b3BlcmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC43HBkasDd
fksPImfH/Mz9kv8M8iXf9DRJ/ma4DU8pGqXW2kjE6ebUL6ACemiUeQQFjPjGUUHG
f9TWbvwsecmMn1aMQhvhws69qb6PksDmnXkea5HNOJjSqe2FHLH6UpzxfUO4hjrC
qLvE077hvhh5XHOx7XbLCbvtlg3VyHxG/B2lCFJ35hO9BpWKoBMeZhONryJI4moY
pv6zyUaVt7WG1LLEgAiSKn8xwmRTrbL3/rfqQJFI68mSX3j85FCzdpLc3gSaA0xO
4JL8Ka03Ai5KAQAvS8hAUVmvXBBDQxCGhmtLZjWpLrQOOPU0SKl5iwmWkQhGsbzS
dpYsJ9xVPk/nAgMBAAGjZzBlMB8GA1UdDgQYBBYEFLae7JDEVQRJCLVH7Bq4OSAv
KxXKMCEGA1UdIwQaMBiAFgQUtp7skMRVBEkItUfsGrg5IC8rFcowDgYDVR0PAQH/
BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKI7P4In
hx3DvUBWMedtXSeKQIqM1IkjK9w7UqJXVkENGsV4mvEhqqRYE4IhrxwWcq6xVelI
bxTSekdFPoccptCFHEQ9M91w9BBrYVpI93RQ/L0gzbFt8G88lxcfOe6ZIXHFwpxN
Y0wxPDbEYNgBw1slnFmd4jBkd+MmmXuo73p5GMCvSbdIWaYA50ACocqVagC3sQrd
jo5SadqPU7jcNkJRTrgqSFfJ+UR4iqFZb3+5tte4NkGbHazNzsLavp2SjLI/jvJ1
UyPImPtrbtqusTTww04BaS6eUXAtkhBLgAHVpyJiXl56FJAq2yQdXqLo9LM546JT
2s4EmgvpuheyxNk=
-----END CERTIFICATE-----
certificate: |-
-----BEGIN CERTIFICATE-----
MIIDczCCAlugAwIBAgIULfsvblqEGEYSM+qdfskJmLQjQMswDQYJKoZIhvcNAQEL
BQAwOTELMAkGA1UEBhMCVVMxKjAoBgNVBAMMIXNlbGYtc2lnbmVkLWNlcnRpZmlj
YXRlcy1vcGVyYXRvcjAeFw0yNDAxMjAxMzQwNThaFw0yNTAxMTkxMzQwNThaMFox
KTAnBgNVBAMMIHRscy1jZXJ0aWZpY2F0ZXMtcmVxdWlyZXItMC5kZW1vMS0wKwYD
VQQtDCRjNmYyM2EzYS02ZjczLTQ3N2MtYmI5NS1jZmNkNTk2Mzc2YWMwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl6z/ifeXnWNXgTRQC+vH1A+ew7PfH
L9Ar1gyiFj02vAJ8nHG6HdvyOJEMIZkE48IKk1kgzZUXxfKv0bYeq3b/tRWLYL74
+bTrMCcYOo9mzeUST4CVup+l6qad4E4SbTR/Z3ILIOMkeIukpbiUzQBrSAuXlDBw
Om0+nkoejytfh7rl7aM0xI5iJ8QisJ8XZ8YCuC0NMPOvvkXCFnk8FUEXgUmXWOUd
Vkus+0Xs/unKFaItjkp6iTrdZ620LOabtA7nLo1Z16MYMmEbWLWqn3iRkPUfmMZ5
sKnLDJ6oQ2Bu5HZmUQPFiiiabBqG9amKlqy7RjMBpMcueML0bR3Fn2f7AgMBAAGj
UjBQMCEGA1UdIwQaMBiAFgQUtp7skMRVBEkItUfsGrg5IC8rFcowHQYDVR0OBBYE
FCrlMVeaZ1gP5vQ64lBN7Zcl8cSIMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEL
BQADggEBAC5KVDpRmSuhf3sfNyGYMZCuh0ykAgup7FwJF39SfEWUEo+Y87nCREtn
Bo8LWLfjeTTCE+Ni5UfyqlEm6RRrGB14qa+zJaY7d/e+4yGsR9N+9K7KivYvijK2
WCcH6zdZCgNgUlZzwYC9SZDBzzps6qnVsoa16Em7ve4P8BkCZcmicO7Ehkr4D0uc
+FJtW7IFts0EFsMt2g44ekGBTzk7VoGo0q9j9DoykUA2w5o8s0uxqdhKh4GB8y9B
YQ3nHn7BnmywMUjEvr1gmM/TNhjpHK5/ZsEDghzwB7pq9dHISYDS7bIgv4IKMCzQ
iF5JOlqpCxIx3EgRFP/mLwXnuBDzpCo=
-----END CERTIFICATE-----
csr: |-
-----BEGIN CERTIFICATE REQUEST-----
MIICnzCCAYcCAQAwWjEpMCcGA1UEAwwgdGxzLWNlcnRpZmljYXRlcy1yZXF1aXJl
ci0wLmRlbW8xLTArBgNVBC0MJGM2ZjIzYTNhLTZmNzMtNDc3Yy1iYjk1LWNmY2Q1
OTYzNzZhYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXrP+J95edY
1eBNFAL68fUD57Ds98cv0CvWDKIWPTa8Anyccbod2/I4kQwhmQTjwgqTWSDNlRfF
8q/Rth6rdv+1FYtgvvj5tOswJxg6j2bN5RJPgJW6n6Xqpp3gThJtNH9ncgsg4yR4
i6SluJTNAGtIC5eUMHA6bT6eSh6PK1+HuuXtozTEjmInxCKwnxdnxgK4LQ0w86++
RcIWeTwVQReBSZdY5R1WS6z7Rez+6coVoi2OSnqJOt1nrbQs5pu0DucujVnXoxgy
YRtYtaqfeJGQ9R+YxnmwqcsMnqhDYG7kdmZRA8WKKJpsGob1qYqWrLtGMwGkxy54
wvRtHcWfZ/sCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB5HFjgH9DEwertl/Zz
KyQeCIE4U12X4sZ15GmDGfEahmeAFzKCOi/FI/ggnBCb5Ops+ZQrn2nFysIW6Mjb
yMXT8jj4qoQYke5s8uXt6T8UjyveXH7mP70ITDfHmSXvPa2jONgKz+HSWlrUB5/x
aTLXgQX/OU1ZWEnDHggL9x9oiCy3wHpHhrZ6+koNkXilELbcbuGc7IA8qLWgAESi
LzvN/MG+D8ppqD+lt3/pgZ1YrCGylAb+D6d01U2mpt7yASW4lIW6oqQKV2z02k1E
Puf4y3KcZ61TPr8vRQs4aj+k4voG55OxYkbrRCaQJ+AaV8YFVXbT29r3hobUwfqm
UnU4
-----END CERTIFICATE REQUEST-----
Good job, you successfully used the Self Signed Certificates charm to provide charm to a requiring charm.
7. Destroy the environment
Kill the Juju controller:
juju kill-controller microk8s-localhost
Uninstall the Juju and MicroK8s snaps:
sudo snap remove microk8s juju --purge