As an application operator, you can upload transport layer security (TLS) certificates to Tanzu Service Mesh for use in different situations where secure, TLS-encrypted connections need to be established to services in your service mesh, such as when public services are used.
This procedure describes how to add a new certificate to Tanzu Service Mesh.
Prerequisites
Verify the following prerequisites:
Verify that you are familiar with public-key infrastructure (PKI) concepts certificate, private key, certificate authority (CA), and certificate chain.
You have a certificate and a private key from a trusted certificate authority (CA) and know the location of the certificate and private key files. The certificate file must be in PEM (.pem) format. The private key file must be in PEM or KEY (.key) format.
Users in your organization can configure a public service to be accessible at an HTTPS URL and select a certificate in the public service configuration to encrypt HTTPS traffic to the service. To ensure that the certificate works correctly, verify that it matches the domain specified for the public service. For more information about public services, see Create a Public Service.
Procedure
Results
The new certificate is added to the table on the Keys & Certificates page. To edit or delete the certificate, click the three vertical dots to the left of the certificate name in the table and click Edit or Delete on the menu. The table on the Keys & Certificates page displays details about the certificate, including the following details:
The name of the certificate
The date and time when the certificate becomes valid
The date and time when the certificate expires
Details of the certificate issuer (common name, organization, and organizational unit if specified)
The organization to which the certificate was issued
The certificate authority (CA) that issued the certificate
The certificate serial number
If some of the details about the certificate are not visible in the table, in the upper-right of the table, click Column Settings and select the check box next to each column that you want to show in the table.
The certificate is available for selection in public service configurations that specify HTTPS. If a user selects the certificate for a public service, Tanzu Service Mesh will attach the certificate to the domain of the public service to encrypt traffic to the service.