Import SSL Certificates

Import SSL certificates to establish secure access to the DuploCloud Portal

Establish secure access to the DuploCloud portal by importing SSL certificates and configuring them within DuploCloud.

Prerequisites

1. Generating the PFX File

Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format.

To do this, enter the following using the command line:

openssl pkcs12 -export -out certificate.pfx -inkey <CERTIFICATE_PRIVATE_KEY>.key -in <SECURITY_CERTIFICATE_FILE>.crt -certfile <CERTIFICATE_BUNDLE>.crt
Password prompt when converting CRT file to PFX format

2. Importing SSL Certificates to Azure Key Vault

After you generate the PFX file, import it to Azure Key Vault:

  1. Sign in to the Azure Portal and access Azure Key Vault.

  2. Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.

    Azure Key Vaults in the Azure Portal
  3. In Azure Key Vault, navigate to Objects -> Certificates.

    Generate/Import option in Azure Key Vault
  4. Click Generate/Import. The Create a Certificate form displays.

  5. In the Method of Certificate Creation field, select Import.

  6. Name the Certificate in the Certificate Name field.

  7. Upload the PFX file using the Upload Certificate File field.

  8. In the Password field, enter the password you set when you generated the PFX file.

    Create a Certificate form in Azure Key Vault
  9. Click Create. The certificate is created, but not yet available for use, as indicated by the message: There are no certificates available message. In the remaining steps, we will complete the import by copying the certificate’s Secret Identifier ARN and configuring it in DuploCloud.

    There are no certificates available message in Azure Key Vault
  10. On the Certificates page, select the certificate and open its current version.

    CURRENT VERSION of certificate
  11. Copy the Secret Identifier using the Copy Icon (). You will paste it when you configure the certificate in DuploCloud in the next step.

Certificate Version form with Secret Identifier field and copy icon highlighted

3. Configuring the SSL Certificate in DuploCloud

With the Secret Identifier copied to your clipboard, you are ready to configure the certificate in the DuploCloud Portal:

  1. In the DuploCloud Portal, navigate to Administrator -> Plans.

  2. Select the Plan to which you want to add the certificate from the NAME column. The Plan details page displays.

  3. Select the Certificates tab.

    Certificates tab on the Plan page
  4. Click Add. The Add a Certificate pane displays.

    Add a Certificate pane
  5. Enter a Name for the certificate.

  6. Paste the Secret Identifier you copied from the Azure Portal into the Certificate ARN field.

  7. Click Create.

4. Using the SSL Certificate for Ingress in DuploCloud (Optional)

Before attaching SSL certificates to a Kubernetes Ingress resource in DuploCloud, ensure an Azure Application Gateway is already created and configured.

Once the Application Gateway is set up, you can attach the certificate to an Ingress resource:

  1. In the DuploCloud Portal, navigate to Kubernetes -> Ingress.

  2. Locate the Ingress associated with the Azure Application Gateway. Click the menu icon () on that row and select Edit. The Edit Kubernetes Ingress pane displays.

  3. Select the certificate from the Certificate ARN dropdown.

  1. Click Update.

The SSL certificate is now attached to the Ingress and will be used by the Application Gateway for HTTPS traffic.

Last updated

Was this helpful?