TLS Certificate
To secure the service endpoints you need a CA-signed TLS certificate and private key. There are two ways to obtain them. You can obtain a single key and certificate that covers every endpoint; in that case the certificate can be either a wildcard certificate or a certificate that lists the specific host names. Alternatively, you can obtain a separate key and certificate for each service endpoint, each issued for that endpoint's host name.
The certificate requirements are common for all the cloud providers - AWS, Azure and Google Cloud.
The options are described in more detail below. Choose one and have the certificate and key ready before you start the installation.
Wildcard Certificate
You can use a single key and wildcard certificate, for example one issued for *.corp.example.com, for all the service endpoints. A wildcard matches exactly one DNS label, so every endpoint host name must sit directly under the wildcard's domain: *.corp.example.com covers portal-dev.corp.example.com but not portal.dev.corp.example.com.
Certificate with specific host names generated by Privacera Manager
You can use a single key and a CA-signed certificate that lists the following host names as subject alternative names. Privacera Manager generates the host names from the DEPLOYMENT_ENV_NAME and DOMAIN_NAME values that you provide in the vars YAML file.
Service Endpoint Host Names
Host Name |
---|
portal-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
solr-service-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
ranger-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
ranger-plugin-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
dataserver-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
auditserver-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
privacera-usersync-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
peg-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
diagnostics-server-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
ops-server-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
scheme-server-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME> |
Certificate with specific host names generated by you for the service endpoints
If you use a different host naming convention, you can override the host names that Privacera Manager generates by setting the following variables in the Privacera Manager vars YAML file. Each value must be a fully qualified host name. You can override only some of the variables and let Privacera Manager generate the rest; whichever names are in effect must all be present in the certificate.
Variable Name |
---|
PORTAL_K8S_NGINX_DNS_NAME |
SOLR_K8S_NGINX_DNS_NAME |
RANGER_K8S_NGINX_DNS_NAME |
RANGER_PLUGIN_K8S_NGINX_DNS_NAME |
DATASERVER_K8S_NGINX_DNS_NAME |
AUDITSERVER_K8S_NGINX_DNS_NAME |
PRIVACERA_USERSYNC_K8S_NGINX_DNS_NAME |
PEG_V2_K8S_NGINX_DNS_NAME |
DIAG_SERVER_K8S_NGINX_DNS_NAME |
OPS_SERVER_K8S_NGINX_DNS_NAME |
SCHEME_SERVER_K8S_NGINX_DNS_NAME |
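The following is an added shell example, not Privacera's own tooling, that ties the two tables above together. It derives the effective host names (generated from DEPLOYMENT_ENV_NAME and DOMAIN_NAME unless the matching *_K8S_NGINX_DNS_NAME override is set; the example assumes those overrides are set as shell variables of the same name rather than read from the vars YAML), prints the subjectAltName value for a single CSR, and checks whether a certificate's DNS SANs, wildcard or explicit, cover every endpoint. The environment name dev, the domain corp.example.com, the file name tls-hosts.sh and the SAN values used in the comments are constructed.

```shell
#!/bin/sh
# Added example, not Privacera Manager's own tooling. Derives the effective
# endpoint host names (prefix-<DEPLOYMENT_ENV_NAME>.<DOMAIN_NAME>, unless the
# matching *_K8S_NGINX_DNS_NAME shell variable is set), emits a subjectAltName
# list for one CSR, and checks a certificate's DNS SANs against every endpoint.
# The defaults dev / corp.example.com below are constructed values.
set -euf

# "override-variable:host-name-prefix" pairs, taken from the two tables above.
ENDPOINTS="
PORTAL_K8S_NGINX_DNS_NAME:portal
SOLR_K8S_NGINX_DNS_NAME:solr-service
RANGER_K8S_NGINX_DNS_NAME:ranger
RANGER_PLUGIN_K8S_NGINX_DNS_NAME:ranger-plugin
DATASERVER_K8S_NGINX_DNS_NAME:dataserver
AUDITSERVER_K8S_NGINX_DNS_NAME:auditserver
PRIVACERA_USERSYNC_K8S_NGINX_DNS_NAME:privacera-usersync
PEG_V2_K8S_NGINX_DNS_NAME:peg
DIAG_SERVER_K8S_NGINX_DNS_NAME:diagnostics-server
OPS_SERVER_K8S_NGINX_DNS_NAME:ops-server
SCHEME_SERVER_K8S_NGINX_DNS_NAME:scheme-server
"

# Print one effective FQDN per line: the override if set, else the generated name.
effective_hostnames() {
  local pair var prefix override
  for pair in $ENDPOINTS; do
    var=${pair%%:*}
    prefix=${pair#*:}
    eval "override=\${$var:-}"
    if [ -n "$override" ]; then
      printf '%s\n' "$override"
    else
      printf '%s-%s.%s\n' "$prefix" "$DEPLOYMENT_ENV_NAME" "$DOMAIN_NAME"
    fi
  done
}

# subjectAltName value covering every endpoint, e.g. for "openssl req -addext".
san_extension() {
  effective_hostnames | awk '{ printf "%sDNS:%s", (NR > 1 ? "," : ""), $0 } END { printf "\n" }'
}

# RFC 6125 name matching: a leading "*" covers exactly one DNS label, so
# *.corp.example.com covers portal-dev.corp.example.com but neither
# portal.dev.corp.example.com nor corp.example.com itself. Case-insensitive.
name_matches() {
  local pattern host suffix first
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case $pattern in
    \*.*)
      suffix=${pattern#\*.}
      first=${host%%.*}
      [ -n "$first" ] && [ "$first" != "$host" ] && [ "${host#*.}" = "$suffix" ]
      ;;
    *)
      [ "$pattern" = "$host" ]
      ;;
  esac
}

# Given the certificate's DNS SAN entries (whitespace separated), print each
# endpoint that none of them matches; exit status 1 if any endpoint is uncovered.
uncovered_hostnames() {
  local sans host san found rc
  sans=$1
  rc=0
  for host in $(effective_hostnames); do
    found=0
    for san in $sans; do
      if name_matches "$san" "$host"; then found=1; break; fi
    done
    if [ "$found" -eq 0 ]; then
      printf '%s\n' "$host"
      rc=1
    fi
  done
  return $rc
}

# DNS SAN entries of a PEM certificate, one per line (needs OpenSSL 1.1.1+ for -ext).
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# Constructed defaults so the script runs stand-alone; set them to your values.
: "${DEPLOYMENT_ENV_NAME:=dev}"
: "${DOMAIN_NAME:=corp.example.com}"

case "${1:-list}" in
  list)  effective_hostnames ;;
  sans)  san_extension ;;
  csr)   # One key and one CSR whose SAN lists every endpoint; send the CSR to your CA.
         openssl req -new -newkey rsa:2048 -nodes \
           -keyout privacera-tls.key -out privacera-tls.csr \
           -subj "/CN=$(effective_hostnames | head -n 1)" \
           -addext "subjectAltName=$(san_extension)" ;;
  check) uncovered_hostnames "$(cert_sans "${2:?usage: $0 check CERT.pem}")" ;;
esac
```

Run `sh tls-hosts.sh` to list the effective names, `sh tls-hosts.sh sans` to print the SAN string, `sh tls-hosts.sh csr` to produce one key and CSR for your CA, and `sh tls-hosts.sh check cert.pem` once the CA returns the certificate; a non-zero exit with host names printed means the certificate will not cover those endpoints. The check is where a wildcard certificate combined with an override such as a deeper subdomain fails, which is easier to discover before the installation than after.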