TLS Certificates Interface
- Canonical Telco
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 130 | 12 Nov 2024 | |
| latest/edge | 19 | 10 Feb 2023 |
juju deploy tls-certificates-interface --channel edge
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Automatic Certificate Renewals
This feature is only available in v4
The automated renewals of certificates is abstracted to charm authors and handled by the TLS Certificates Library. Here’s how it works:
- When the TLS certificates requirer receives a certificate from the TLS certificates provider, it stores it in a Juju secret. The Juju secret is set to expire prior to the certificate expire time.
- A Certificate Available event is emitted, prompting the requesting charm to store the certificate where it needs to be.
- When the Juju secret expires, the TLS requirer removes the old CSR from the relation data, remove the Juju secret, generates a new CSR and place this CSR in its relation data.
- The TLS provider will read this certificate request, generate a certificate and place this certificate in its relation data
- The TLS requirer will read this certificate and emit a certificate available event.