Import SSL certificates

Establish secure access to the DuploCloud portal by importing SSL certificates, and creating and configuring the certificates in DuploCloud.

Prerequisites

• Contact the DuploCloud support staff via email or by using your private Slack channel to request the following for SSL certificate setup and configuration:

  • Security Certificate (.crt) file

  • Certificate Private Key

  • Certificate Bundle (.crt) containing the Intermediate and Root Certificates. You can download the Certificate Bundle from https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates.

Generating the PFX file

Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format.

To do this, enter the following using the command line:

openssl pkcs12 -export -out certificate.pfx -inkey <CERTIFICATE_PRIVATE_KEY>.key -in <SECURITY_CERTIFICATE_FILE>.crt -certfile <CERTIFICATE_BUNDLE>.crt

Importing SSL certificates to Azure

After you generate the PFX file, sign in to the Azure Portal and access Azure Key Vault.

1. Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.
2. In Azure Key Vault, navigate to Objects -> Certificates and click Generate/Import.
3. When you click Generate/Import, the Create a Certificate form displays. In the Method of Certificate Creation field, select Import.

4. Name the Certificate, using the Certificate Name field.

5. Browse for a file to upload, using the Upload Certificate File field.

6. In the Password field, enter the password you set when you generated the PFX file.
7. Click Create. Even though the certificate is created, notice that the certificate is not yet successfully imported into the vault, as indicated by the No certificates available message, as shown below. To import the certificate, you must obtain the Secret Identifier ARN of this certificate and then configure it in DuploCloud.
8. On the Certificates page, select the certificate from the list, and open the CURRENT VERSION of the certificate, as shown below, to obtain the Secret Identifier.

Configuring the SSL Certificate in DuploCloud

With the Secret Identifier in your Clipboard, you are now ready to configure the certificate in the DuploCloud Portal and

1. In the DuploCloud Portal, navigate to Administrator -> Plans.

2. Select the Plan to which you want to add the certificate from the Name column. The Plans page displays.
3. Click the Certificates tab.
4. Click Add. The Add a Certificate pane displays.
5. Enter a Name for the certificate.

6. Paste the Secret Identifier that you obtained from the Azure Portal (it should be in your Clipboard) into the Certificate ARN field.

7. Click Create.

Using the SSL Certificate for Ingress in DuploCloud

If you use Kubernetes Ingress, you can attach the certificate to the appropriate DuploCloud service in the DuploCloud portal by using the Kubernetes -> Ingress option.

1. In the DuploCloud Portal, navigate to Kubernetes -> Ingress.

2. On the Ingress page, select the Ingress instance for the azure- application-gateway.

3. Click the Ingress Rules tab.

4. From the Actions menu, select Edit.
5. On the Edit Kubernetes Ingress page, select the certificate that you want to attach from the Certificate ARN list box.
6. Click Update.

The certificate is attached to the Ingress application gateway and is available to the service.