After building the TLS certificate chain for the Certificate Enrollment Gateway certificate, you can install the certificate into CSP 1.0.0. To install the certificate, CSP 1.0.0 requires the following:

Run the following command on the CSP 1.0.0 node where the Certificate Enrollment Gateway certificate chain is located 

sudo clusterctl certificate --cert <cert> --key <key>

See below for each option. 

Parameter

Description

<cert>

The path of a PEM-formatted file containing the entire TLS certificate chain.

<key>

The path of a PEM-formatted file containing the private key for TLS.

For example: 

sudo clusterctl certificate --cert /home/sysadmin/ceg/corporate.example.com/tls.crt --key /home/sysadmin/ceg/corporate.example.com/tls.key