After building the TLS certificate chain for the Certificate Enrollment Gateway certificate, you can install the certificate into CSP 1.0.0 PKI. To install the certificate, CSP 1.0.0 PKI requires the following:
- A single file containing the TLS certificate chain, from the TLS certificate to the root CA. You created this file earlier in Building a TLS certificate chain for the Certificate Enrollment Gateway certificate.
- The private key for the certificate. The private key was generated when you created the CSR for the certificate.
Run the following command on the CSP 1.0.0 PKI node where the Certificate Enrollment Gateway certificate chain is located:

```
sudo clusterctl certificate --cert <cert> --key <key>
```

See below for each option.

| Parameter | Description |
|---|---|
| `<cert>` | The path of a PEM-formatted file containing the entire TLS certificate chain. |
| `<key>` | The path of a PEM-formatted file containing the private key for TLS. |

For example:

```
sudo clusterctl certificate --cert /home/sysadmin/ceg/corporate.example.com/tls.crt --key /home/sysadmin/ceg/corporate.example.com/tls.key
```
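
A pre-flight check for the two files passed to `--cert` and `--key`, added here as an example and not part of the product's own tooling: the hypothetical POSIX shell function `check_tls_bundle` uses the `openssl` CLI to confirm that the private key belongs to the first certificate in the file and that the certificates run in order from the TLS certificate to a self-issued root CA. It compares names and public keys only; it does not verify signatures or validity dates.

```shell
# Added example (assumption: the openssl CLI is installed on the node).
# Usage: check_tls_bundle <chain.pem> <key.pem>
#   e.g. check_tls_bundle /home/sysadmin/ceg/corporate.example.com/tls.crt \
#                         /home/sysadmin/ceg/corporate.example.com/tls.key
check_tls_bundle() (
  chain=$1; key=$2
  tmp=$(mktemp -d) || exit 2
  trap 'rm -rf "$tmp"' EXIT

  # Split the bundle: cert1.pem is the TLS certificate, certN.pem the last one.
  n=$(awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
    on { print > (d "/cert" n ".pem") }
    /-----END CERTIFICATE-----/   { on = 0 }
    END { print n + 0 }' "$chain") || exit 2
  [ "$n" -ge 1 ] || { echo "FAIL: no certificates in $chain" >&2; exit 1; }

  # 1. The private key must belong to the first certificate in the file.
  cert_pub=$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey) || exit 2
  key_pub=$(openssl pkey -in "$key" -pubout) ||
    { echo "FAIL: cannot read private key $key" >&2; exit 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: key does not match the first certificate" >&2; exit 1; }

  # 2. Each certificate must name the next one in the file as its issuer.
  i=1
  while [ "$i" -lt "$n" ]; do
    issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)
    subject=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject_hash)
    [ "$issuer" = "$subject" ] ||
      { echo "FAIL: certificate $i is not issued by certificate $((i + 1))" >&2; exit 1; }
    i=$((i + 1))
  done

  # 3. The last certificate must be a root CA (subject equals issuer).
  [ "$(openssl x509 -in "$tmp/cert$n.pem" -noout -subject_hash)" = \
    "$(openssl x509 -in "$tmp/cert$n.pem" -noout -issuer_hash)" ] ||
    { echo "FAIL: chain does not end at a root CA" >&2; exit 1; }

  echo "OK: $n certificates, TLS certificate to root, key matches"
)
```

The function returns 0 when both files are consistent and non-zero with a `FAIL:` message on standard error otherwise.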