As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.

Adding a TLS Certificate

Owned by Eric Cuevas (Unlicensed)
Last updated: Feb 25, 2022
2 min read

You will learn

How to add a TLS certificate.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: If any

Adding a New Certificate

The following assumes the user already has a ThreadFix instance running in Kubernetes.

Follow this section of the guide if a TLS certificate has not been previously setup for the ThreadFix instance. To change or update a previously installed certificate follow the Update a TLS certificate guide.

Enter the following commands on a command line to perform the described action.

By default the ThreadFix quick start script creates a self-signed certificate for use by ThreadFix. If this utility was used to install ThreadFix, follow the 'Updating a Certificate' guide below.

  1. Acquire a TLS certificate from a trusted provider.

  2. Convert the certificate into base64 encoded PEM format. Follow vendor instructions for converting the current certificate to PEM, if it is not in the correct format.

  3. Run the following (replacing <tls-key> and <tls-cert> with their respective paths):

    kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>

     

  4. Create a file called tls.yaml with the following contents:

    kong: env: SSL_CERT: /etc/secrets/tf-tls/tls.crt SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key secretVolumes: - tf-tls

     

  5. Apply the new configuration items.

    helm upgrade <release-name> <chart-name> --reuse-values -f tls.yaml

    • If the user followed the ThreadFix installation guide for Kubernetes, the release will be tf and the chart will be denimgroup/threadfix.

    • Otherwise:

      • Find the chart name with: helm search repo threadfix

      • Find the release name with: helm ls

  6. Verify the change has applied by navigating to the ThreadFix instance in a browser and inspecting the TLS certificate.

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.