
📙 You will learn

How to add a TLS certificate.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: If any

Adding a New Certificate

The following assumes the user already has a ThreadFix instance running in Kubernetes.

Follow this section of the guide if a TLS certificate has not previously been set up for the ThreadFix instance. To change or update a previously installed certificate, follow the Update a TLS certificate guide.

Enter the following commands on a command line to perform the described action.

By default, the ThreadFix quick start script creates a self-signed certificate for use by ThreadFix. If this utility was used to install ThreadFix, follow the 'Updating a Certificate' guide below.

  1. Acquire a TLS certificate from a trusted provider.

  2. Convert the certificate into base64 encoded PEM format. Follow vendor instructions for converting the current certificate to PEM, if it is not in the correct format.

  3. Run the following (replacing <tls-key> and <tls-cert> with their respective paths):

    kubectl create secret tls tf-tls --key <tls-key> --cert <tls-cert>

  4. Create a file called tls.yaml with the following contents:

    kong:
      env:
        SSL_CERT: /etc/secrets/tf-tls/tls.crt
        SSL_CERT_KEY: /etc/secrets/tf-tls/tls.key
      secretVolumes:
        - tf-tls

  5. Apply the new configuration items.

    helm upgrade <release-name> <chart-name> --reuse-values -f tls.yaml

    • If the user followed the ThreadFix installation guide for Kubernetes, the release will be tf and the chart will be denimgroup/threadfix.

    • Otherwise:

      • Find the chart name with: helm search repo threadfix

      • Find the release name with: helm ls

  6. Verify the change has been applied by navigating to the ThreadFix instance in a browser and inspecting the TLS certificate.
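The checks below can be run on the key and certificate files before step 3, and they print the SHA-256 fingerprint to compare with the certificate the browser shows in step 6. This is an added example, not part of the ThreadFix documentation or tooling; it assumes the openssl command-line tool is installed, and the function names are hypothetical.

```shell
# Pre-flight checks for the files passed to `kubectl create secret tls`.
# Added example: all function names here are hypothetical helpers.

# Succeeds only if the file is a PEM-encoded X.509 certificate (step 2).
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# Succeeds only if the private key and the certificate hold the same public key.
# An empty -passin makes a passphrase-protected key fail instead of prompting.
key_matches_cert() {
    kmc_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    kmc_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_cert" ]
}

# Succeeds only if the certificate is still valid N days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# SHA-256 fingerprint, for comparison with the certificate served after step 5.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Runs every check in order; prints the fingerprint only if all of them pass.
preflight() {
    is_pem_cert "$2" || { echo "not a PEM certificate: $2" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    valid_for_days "$2" 30 || { echo "certificate expires within 30 days" >&2; return 1; }
    cert_fingerprint "$2"
}

# Usage: sh preflight.sh <tls-key> <tls-cert>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```
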
