Deploying a user-provided CA certificate

  • Perform this procedure while logged in to the deployer VM.
  • The customer-provided CA must be a root CA or a subordinate CA (subCA).
Use the following command to deploy a user-provided CA certificate to replace the CA certificates for internal servers that were generated during installation:
fss-certificate.sh deploy-fss-ca-certs --certificate <path> --key <path>
where:
  • --certificate <path> is the path to the certificate file, including the certificate chain and the trusted signing agency, in PEM format
  • --key <path> is the path to the private key file, in PEM format
  1. Deploy a user-provided CA certificate.
    # /root/bin/fss-certificate.sh deploy-fss-ca-certs --certificate /root/userdata/signingca-valid5years.crt --key /root/userdata/signingca-valid5years.key
    Certificate is valid for 1825 days more till 2028-07-11 08:07:03
    FSS updated successfully
    Updating Kafka certs, this may take upto 10 minutes
    SUCCESS: Certificates deployed!
  2. Optional: Verify the new server certificate.
    You can log in to the UI and inspect the server certificate or perform the procedure Displaying certificates.
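
A pre-flight check that can be run on the PEM files before step 1, as an added example (not part of fss-certificate.sh or of the original procedure): it confirms that the certificate is a CA certificate, that the private key belongs to it, and that it is not about to expire. It uses only standard openssl commands; the function names and the 30-day default are assumptions, only the first certificate in the file is inspected, and an unencrypted private key is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for a user-provided CA certificate and key.
# Usage: sh preflight.sh /root/userdata/signingca-valid5years.crt \
#                        /root/userdata/signingca-valid5years.key [min_days]

# Succeeds if the first certificate in the file carries basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeeds if the public key in the certificate equals the public key derived
# from the private key. "-passin pass:" stops openssl from prompting when the
# key is encrypted; an encrypted key then simply fails this check.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid at least $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs all checks; prints the first failure, or OK when every check passes.
preflight() {
    min_days=${3:-30}   # assumed default threshold, not a product requirement
    is_ca "$1" || { echo "FAIL: certificate is not a CA (no CA:TRUE)"; return 1; }
    key_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    valid_for_days "$1" "$min_days" || { echo "FAIL: expires within $min_days days"; return 1; }
    echo "OK"
}

# Run the checks only when a certificate and a key path are given.
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```
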