Executed when: Replacing the default TLS certificate.
Installs the TLS certificate of Cryptographic Security Platform.
clusterctl certificate --cert <bundle> --key <key>See below for a description of each parameter.
For example:
$ sudo clusterctl certificate --cert /home/sysadmin/cert.pem --key /home/sysadmin/key.pemIf the Certificate Authority solution is already deployed, redeploy the solution to make the changes effective.
$ clusterctl solution deploy --solution-id pkihub-c, --cert <bundle>
Load the TLS certificate and the certification chain from <bundle>, where <bundle> is the path of a plaintext file in the following PEM format.
-----BEGIN CERTIFICATE-----<TLS Server cert in B64 encoding>-----END CERTIFICATE----------BEGIN CERTIFICATE----<CA Subordinate Cert in B64 encoding>-----END CERTIFICATE-----The selected certificate must meet the requirements described in Replacing the default TLS certificate.
Mandatory: Yes.
-k, --key <key>
Load the private key from <key>, where <key> is the path to a PEM file containing a private key. Supported key-generation algorithms are the following.
- RSA 2048 bits
- RSA 3072 bits
- RSA 4096 bits
- ECDSA curve NIST P-256
Password-protected keys are not currently supported.
Mandatory: Yes.