As an application operator, you can upload Transport Layer Security (TLS) certificates to Tanzu Service Mesh for use wherever secure, TLS-encrypted connections must be established to services in your service mesh, such as when public services are used.

This procedure describes how to add a new certificate to Tanzu Service Mesh.

Prerequisites

Verify the following prerequisites:

  • Verify that you are familiar with public-key infrastructure (PKI) concepts, such as certificate, private key, certificate authority (CA), and certificate chain.

  • You have a certificate and a private key from a trusted certificate authority (CA) and know the location of the certificate and private key files. The certificate file must be in PEM (.pem) format. The private key file must be in PEM or KEY (.key) format.

  • Users in your organization can configure a public service to be accessible at an HTTPS URL and select a certificate in the public service configuration to encrypt HTTPS traffic to the service. To ensure that the certificate works correctly, verify that it matches the domain specified for the public service. For more information about public services, see Create a Public Service.

  • Access the Tanzu Service Mesh Console.
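A pre-upload check for the prerequisites above, given as an added example that is not part of the Tanzu Service Mesh documentation. It uses the standard openssl CLI to confirm that the certificate is PEM, that the private key belongs to it, and that it covers the public service domain. The function name check_upload and the expiry check are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-upload checks with the openssl CLI.
# Usage: sh check_upload.sh CERT.pem KEY.pem|KEY.key DOMAIN

check_upload() {
    cert=$1 key=$2 domain=$3

    # 1. The certificate must be PEM: require the PEM header and a parsable body.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
       ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a PEM-encoded certificate" >&2; return 1
    fi

    # 2. The private key must be readable. An empty passphrase is supplied so
    #    the check never prompts; a passphrase-protected key fails here.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "FAIL: cannot read private key $key" >&2; return 1; }

    # 3. The key must belong to the certificate: compare the public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2; return 1
    fi

    # 4. The certificate must cover the public service domain. -checkhost
    #    reports its result in the output text, so match on that text.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
         grep -q 'does match certificate'; then
        echo "FAIL: certificate does not match domain $domain" >&2; return 1
    fi

    # 5. The certificate must not already be expired (assumption of this example).
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired" >&2; return 1
    fi

    echo "OK: $cert and $key are consistent for $domain"
}

# Run the checks only when the script is invoked with arguments.
if [ "$#" -ge 3 ]; then check_upload "$@"; fi
```

A failing check prints the reason on standard error and returns a non-zero status, so the function can gate an upload step in a script.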

Procedure

  1. In the navigation pane on the left, click Admin > Keys & Certificates.
  2. On the Keys & Certificates page, on the Keys & Certificates tab, click New Certificate.
  3. In the New Certificate dialog box, provide the following information.
    • Name. The name of the certificate to help distinguish it from other certificates in Tanzu Service Mesh. The name can contain only alphanumeric characters and underscores (_) and cannot contain numbers and special characters, such as ampersands (&) and pound signs (#). It must contain a minimum of 2 characters and a maximum of 1,024 characters.

    • (Optional) Description. An optional description of the certificate.

    • Certificate File. Click Select .PEM File and browse to the certificate file that you want to upload.

    • Private Key. Click Select .PEM /.KEY File and browse to the private key file.

    • (Optional) Certificate Chain. Optionally upload the CA certificate chain file.

    Note:

    Certificate Type specifies the type of certificate. Currently, only user-defined certificates are available.

  4. Click Save.

Results

The new certificate is added to the table on the Keys & Certificates page. To edit or delete the certificate, click the three vertical dots to the left of the certificate name in the table and click Edit or Delete on the menu. The table on the Keys & Certificates page displays details about the certificate, including the following:

  • The name of the certificate

  • The date and time when the certificate becomes valid

  • The date and time when the certificate expires

  • Details of the certificate issuer (common name, organization, and organizational unit if specified)

  • The organization to which the certificate was issued

  • The certificate authority (CA) that issued the certificate

  • The certificate serial number

Note:

If some of the details about the certificate are not visible in the table, in the upper-right of the table, click Column Settings and select the check box next to each column that you want to show in the table.

The certificate is available for selection in public service configurations that specify HTTPS. If a user selects the certificate for a public service, Tanzu Service Mesh will attach the certificate to the domain of the public service to encrypt traffic to the service.