HCL-TECH-SOFTWARE / connections-automation

Deployment and upgrade automation scripts for HCL Connections 7.0 based on Ansible
Apache License 2.0

setup-component-pack-complete-harbor.yml generates new haproxy TLS cert each time #279

Open stoeps13 opened 1 year ago

stoeps13 commented 1 year ago

https://github.com/HCL-TECH-SOFTWARE/connections-automation/blob/6284e97dc630da1d84ba873d066be366655e8694/playbooks/setup-component-pack-complete-harbor.yml#L5

On each run, this generates a new TLS certificate (self-signed, without a root CA). The whole playbook does some things with DMGR (like restart, import ES certs), but does not import this new cert into the trusted root. I'm not sure where it fits best, but I would like to call the role https://github.com/HCL-TECH-SOFTWARE/connections-automation/tree/main/roles/third_party/ibm/wasnd/was-dmgr-config-add-cert-truststore after the HAProxy role has finished.

nitinjagjivan commented 1 year ago

Thanks, this is the nginx cert and we need to import it into the trusted root each time we run setup nginx/haproxy. An internal work item has been created.

stoeps13 commented 1 year ago

Thanks, @nitinjagjivan, while you are looking into this: what's the process if I want to have a Let's Encrypt or an official certificate?

I see there is a variable nginx_certbot_production in the nginx role, but it is not used or documented anywhere.

nitinjagjivan commented 1 year ago

Acknowledged and have created an internal work item. We will prioritise and address it accordingly.

stoeps13 commented 5 months ago

Hi, just asking about the status?

This issue is nearly one year old; each run generates certificates and does not update DMGR.

Regards, Christoph
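
One way to address the behaviour reported in this issue, as an added example that is not the project's own playbook: issue the certificate idempotently with the `community.crypto` modules, and run the trust store import only when the certificate actually changed. The inventory groups (`haproxy_servers`, `dmgr`), the paths and the variable names are assumptions; the role name is the one linked in the issue, and its variables are not shown on this page.

```yaml
# Added example. Groups, paths and variable names are hypothetical.
- name: Keep the HAProxy certificate stable across runs
  hosts: haproxy_servers                  # hypothetical inventory group
  become: true
  vars:
    tls_dir: /etc/haproxy/tls             # hypothetical path
    tls_cn: "{{ inventory_hostname }}"
  tasks:
    - name: Create the TLS directory
      ansible.builtin.file:
        path: "{{ tls_dir }}"
        state: directory
        mode: "0700"

    - name: Private key (created only if it does not exist yet)
      community.crypto.openssl_privatekey:
        path: "{{ tls_dir }}/haproxy.key"
        mode: "0600"

    - name: CSR (rewritten only when the key or the subject changes)
      community.crypto.openssl_csr:
        path: "{{ tls_dir }}/haproxy.csr"
        privatekey_path: "{{ tls_dir }}/haproxy.key"
        common_name: "{{ tls_cn }}"
        subject_alt_name: "DNS:{{ tls_cn }}"

    - name: Self-signed certificate (reissued only when it no longer matches the CSR)
      community.crypto.x509_certificate:
        path: "{{ tls_dir }}/haproxy.crt"
        privatekey_path: "{{ tls_dir }}/haproxy.key"
        csr_path: "{{ tls_dir }}/haproxy.csr"
        provider: selfsigned
        selfsigned_not_after: "+365d"
      register: haproxy_cert              # 'changed' is true only on (re)issue

- name: Trust the certificate on the DMGR only when it was reissued
  hosts: dmgr                             # hypothetical inventory group
  tasks:
    - name: Import the certificate into the DMGR trust store
      ansible.builtin.include_role:
        # Role named in the issue; pass whatever variables it requires.
        name: was-dmgr-config-add-cert-truststore
      when: >-
        groups['haproxy_servers']
        | map('extract', hostvars, 'haproxy_cert')
        | selectattr('changed') | list | length > 0
```

On a second run with an unchanged key and subject, every task in the first play reports `ok`, so the import in the second play is skipped and the DMGR keeps trusting the certificate already in place.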