When no tls certificates are provided the platform will create a self-signed TLS certificate on its first start. This self-signed certificates lead to security warnings in the browsers when accessing the web interface of the platform.
To overcome this warnings in a productive system, the platform provides capabilities to exchange the self-signed certificates with valid ones:
- Rename the certificate and key file to
tls.crt
andtls.key
and place it in the directory next to thedeploy_platform.sh<deploy-platform-script>
script. - Run
./deploy_platform.sh --install-certs
- Optional: To make the installed certificates outlast redeployments of the platform, place
tls.crt
andtls.key
in$FAST_DATA_DIR/tls
(the value of FAST_DATA_DIR is set indeploy_platform.sh
.)
This procedure will also restart the pods of the platform related for TLS and the new certificate will be used for any subsequent https requests.