SSL setup

To allow the application handle SSL encryption you must provide a certificate and private key

To generate a self-signed certificate you can use the integrated OpenSSL tools on Linux/UNIX

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'

 

Using a self-signed certificate will raise a warning in the browser. It is used here as an example.
Eventually, you need to require an official certificate and private key according to your company processes.

 

Open the values.yaml file with an editor of your choice and add the certificate and key values and set sslEnabled: true and enabled: true to enable the SSL config
Note: Do not set a pass-phrase when creating the certificate and key pair.

(PEM-encoded X.509, RSA)

ingressConfig: sslEnabled: true cert: enabled: true crt: |- -----BEGIN CERTIFICATE----- MIIE+zCCAuOgAwIBAgIJALDfTocI8wPHMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV ... KJyCsKzx6QRjJZ3PSFEfgvJh3NuVz66Mb14V9zJilg== -----END CERTIFICATE----- key: |- -----BEGIN RSA PRIVATE KEY----- MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDJ88nJD4zPTKDo ... ShQIDwZ/32M3xWogXqPBT6U0DwlftABnwg8ABSwP2wbzHAU4Fb6CU9LHH/poq8TD -----END RSA PRIVATE KEY-----

 

Update the helm-chart with the new values:

./helm upgrade -i order-management -f ./configure/values-on-premise.yaml -f=values.yaml chart/order-management-*.tgz && kubectl -n default rollout restart deployment backend button3d evaljs revproxy yoda