Executed when: Replacing the default TLS certificate.
Installs the TLS certificate of PKI Hub.
clusterctl certificate --cert <bundle> --key <key>
See below for a description of each parameter.
For example:
$ sudo clusterctl certificate --cert /home/sysadmin/cert.pem --key /home/sysadmin/key.pem
If the Certificate Authority solution is already deployed, redeploy the solution to make the changes effective.
$ clusterctl solution deploy --solution-id pkihub
-c, --cert <bundle>
Load the TLS certificate and the certification chain from <bundle>, where <bundle> is the path of a plaintext file in the following PEM format.
-----BEGIN CERTIFICATE-----
<TLS Server cert in B64 encoding>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<CA Subordinate Cert in B64 encoding>
-----END CERTIFICATE-----
The selected certificate must meet the requirements described in Replacing the default TLS certificate.
Mandatory: Yes.
-k, --key <key>
Load the private key from <key>, where <key> is the path to a PEM file containing a private key. Supported key-generation algorithms are the following.
- RSA 2048 bits
- RSA 3072 bits
- RSA 4096 bits
- ECDSA curve NIST P-256
- ECDSA curve NIST P-384
- ECDSA curve NIST P-521
See below for sample file contents.
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvr9lYlZ2lK8tHj3S7z0YbFjVqv5zX7dE1ONi6kL+W7CqvQ2F
...
q1Z2YQKBgQCl8zZ7J1Y3LwIDAQABAoIBAQCx8y2m3Y7x
-----END RSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFkz7zvK2pFq7V9X1nZ2x6Q1v8YyH1t4s5l9w3yY9pRHoAoGCCqGSM49
...
4v7Y2m3l9x5y7z3v8Q1x2y3z4g5k6h7j8k9l0==
-----END EC PRIVATE KEY-----
Password-protected keys are not currently supported.
Mandatory: Yes.
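A pre-flight check for the --key file, added here as an example and not part of the PKI Hub tooling: it rejects password-protected keys and reads the DER structure to confirm the key is one of the listed RSA sizes or NIST curves. It assumes only the two PEM types shown in the sample above are accepted; check_key, sample_key and the other names are hypothetical, and the sample keys are constructed skeletons rather than usable keys.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
RSA_BITS = {2048, 3072, 4096}  # sizes the page lists; CURVES maps DER OID bytes to names
CURVES = {"2a8648ce3d030107": "P-256", "2b81040022": "P-384", "2b81040023": "P-521"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + length], pos + length

def check_key(pem_text):
    """Classify a private-key PEM against the --key requirements."""
    m = PEM_RE.search(pem_text)
    label, body = m.groups() if m else ("", "")
    if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
        return "rejected: password-protected key"
    if label not in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):  # assumption: only the sampled types
        return f"rejected: PEM type {label or 'missing'}"
    try:
        seq = read_tlv(base64.b64decode("".join(body.split())), 0)[1]  # outer SEQUENCE
        pos = read_tlv(seq, 0)[2]  # skip the version INTEGER
        if label == "RSA PRIVATE KEY":  # the next INTEGER is the modulus
            bits = int.from_bytes(read_tlv(seq, pos)[1], "big").bit_length()
            return f"ok: RSA {bits}" if bits in RSA_BITS else f"rejected: RSA {bits}"
        pos = read_tlv(seq, pos)[2]  # skip the privateKey OCTET STRING
        while pos < len(seq):
            tag, val, pos = read_tlv(seq, pos)
            if tag == 0xA0:  # [0] parameters carry the named-curve OID
                name = CURVES.get(read_tlv(val, 0)[1].hex())
                return f"ok: ECDSA {name}" if name else "rejected: unsupported curve"
        return "rejected: EC key without a named curve"
    except (ValueError, IndexError):
        return "rejected: malformed key data"

def der(tag, value):  # DER-encode one element (used only to build constructed samples)
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + value

def sample_key(label, fields, header=""):
    """Build a constructed, non-functional PEM key from (tag, value) DER fields."""
    body = base64.encodebytes(der(0x30, b"".join(der(t, v) for t, v in fields))).decode()
    return f"-----BEGIN {label}-----\n{header}{body}-----END {label}-----\n"

if __name__ == "__main__":  # constructed RSAPrivateKey skeleton with a 1024-bit modulus
    print(check_key(sample_key("RSA PRIVATE KEY", [(2, b"\x00"), (2, b"\x00" + b"\xc3" * 128)])))
```

The check covers only the key file; it does not verify that the key matches the first certificate in the bundle.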