1 of 1

Import SSL Certificates

Import SSL certificates to establish secure access to the DuploCloud Portal

Establish secure access to the DuploCloud portal by importing SSL certificates and configuring them within DuploCloud.

If you haven't already done so, contact the DuploCloud support staff via email or by using your private Slack channel. They will provide you with everything you need to accomplish this task and assist you with other needed prerequisites to set up DuploCloud for Azure.

Prerequisites

Contact DuploCloud support: Contact DuploCloud staff via email or your private Slack channel to request the following for SSL certificate setup and configuration:
- Security Certificate (.crt) file
- Certificate Private Key
- Certificate Bundle (.crt) containing the Intermediate and Root Certificates. You can download the Certificate Bundle from https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates.

1. Generating the PFX File

Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format.

To do this, enter the following using the command line:

openssl pkcs12 -export -out certificate.pfx -inkey <CERTIFICATE_PRIVATE_KEY>.key -in <SECURITY_CERTIFICATE_FILE>.crt -certfile <CERTIFICATE_BUNDLE>.crt

When running this command, you will be prompted to create a password. Save it securely; you'll need it when importing the certificate to Azure KeyVault.

2. Importing SSL Certificates to Azure Key Vault

After you generate the PFX file, import it to Azure Key Vault:

Sign in to the Azure Portal and access Azure Key Vault.
Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.
Azure Key Vaults in the Azure Portal
In Azure Key Vault, navigate to Objects -> Certificates.
Generate/Import option in Azure Key Vault
Click Generate/Import. The Create a Certificate form displays.
In the Method of Certificate Creation field, select Import.
Name the Certificate in the Certificate Name field.
Upload the PFX file using the Upload Certificate File field.
In the Password field, enter the password you set when you generated the PFX file.
Create a Certificate form in Azure Key Vault
Click Create. The certificate is created, but not yet available for use, as indicated by the message: There are no certificates available message. In the remaining steps, we will complete the import by copying the certificate’s Secret Identifier ARN and configuring it in DuploCloud.
There are no certificates available message in Azure Key Vault
On the Certificates page, select the certificate and open its current version.
CURRENT VERSION of certificate
Copy the Secret Identifier using the Copy Icon (). You will paste it when you configure the certificate in DuploCloud in the next step.

3. Configuring the SSL Certificate in DuploCloud

With the Secret Identifier copied to your clipboard, you are ready to configure the certificate in the DuploCloud Portal:

In the DuploCloud Portal, navigate to Administrator -> Plans.
Select the Plan to which you want to add the certificate from the NAME column. The Plan details page displays.
Select the Certificates tab.
Certificates tab on the Plan page
Click Add. The Add a Certificate pane displays.
Add a Certificate pane
Enter a Name for the certificate.
Paste the Secret Identifier you copied from the Azure Portal into the Certificate ARN field.
Click Create.

4. Using the SSL Certificate for Ingress in DuploCloud (Optional)

Before attaching SSL certificates to a Kubernetes Ingress resource in DuploCloud, ensure an Azure Application Gateway is already created and configured.

Once the Application Gateway is set up, you can attach the certificate to an Ingress resource:

In the DuploCloud Portal, navigate to Kubernetes -> Ingress.
Locate the Ingress associated with the Azure Application Gateway. Click the menu icon () on that row and select Edit. The Edit Kubernetes Ingress pane displays.
Select the certificate from the Certificate ARN dropdown.

Click Update.

The SSL certificate is now attached to the Ingress and will be used by the Application Gateway for HTTPS traffic.

Import SSL Certificates

Import SSL certificates to establish secure access to the DuploCloud Portal

Establish secure access to the DuploCloud portal by importing SSL certificates and configuring them within DuploCloud.

Prerequisites

Contact DuploCloud support: Contact DuploCloud staff via email or your private Slack channel to request the following for SSL certificate setup and configuration:
- Security Certificate (.crt) file
- Certificate Private Key
- Certificate Bundle (.crt) containing the Intermediate and Root Certificates. You can download the Certificate Bundle from https://support.globalsign.com/ca-certificates/intermediate-certificates/alphassl-intermediate-certificates.

1. Generating the PFX File

Because Azure supports only PFX files for SSL certificates, you must convert the CRT file that DuploCloud provides you to PFX format.

To do this, enter the following using the command line:

openssl pkcs12 -export -out certificate.pfx -inkey <CERTIFICATE_PRIVATE_KEY>.key -in <SECURITY_CERTIFICATE_FILE>.crt -certfile <CERTIFICATE_BUNDLE>.crt

When running this command, you will be prompted to create a password. Save it securely; you'll need it when importing the certificate to Azure KeyVault.

2. Importing SSL Certificates to Azure Key Vault

After you generate the PFX file, import it to Azure Key Vault:

Sign in to the Azure Portal and access Azure Key Vault.
Select the respective Azure Key Vault for your environment (for example, production versus test) to import the PFX file as shown below.
Azure Key Vaults in the Azure Portal
In Azure Key Vault, navigate to Objects -> Certificates.
Generate/Import option in Azure Key Vault
Click Generate/Import. The Create a Certificate form displays.
In the Method of Certificate Creation field, select Import.
Name the Certificate in the Certificate Name field.
Upload the PFX file using the Upload Certificate File field.
In the Password field, enter the password you set when you generated the PFX file.
Create a Certificate form in Azure Key Vault
Click Create. The certificate is created, but not yet available for use, as indicated by the message: There are no certificates available message. In the remaining steps, we will complete the import by copying the certificate’s Secret Identifier ARN and configuring it in DuploCloud.
There are no certificates available message in Azure Key Vault
On the Certificates page, select the certificate and open its current version.
CURRENT VERSION of certificate
Copy the Secret Identifier using the Copy Icon (). You will paste it when you configure the certificate in DuploCloud in the next step.

3. Configuring the SSL Certificate in DuploCloud

With the Secret Identifier copied to your clipboard, you are ready to configure the certificate in the DuploCloud Portal:

In the DuploCloud Portal, navigate to Administrator -> Plans.
Select the Plan to which you want to add the certificate from the NAME column. The Plan details page displays.
Select the Certificates tab.
Certificates tab on the Plan page
Click Add. The Add a Certificate pane displays.
Add a Certificate pane
Enter a Name for the certificate.
Paste the Secret Identifier you copied from the Azure Portal into the Certificate ARN field.
Click Create.

4. Using the SSL Certificate for Ingress in DuploCloud (Optional)

Before attaching SSL certificates to a Kubernetes Ingress resource in DuploCloud, ensure an Azure Application Gateway is already created and configured.

Once the Application Gateway is set up, you can attach the certificate to an Ingress resource:

In the DuploCloud Portal, navigate to Kubernetes -> Ingress.
Locate the Ingress associated with the Azure Application Gateway. Click the menu icon () on that row and select Edit. The Edit Kubernetes Ingress pane displays.
Select the certificate from the Certificate ARN dropdown.

Click Update.

The SSL certificate is now attached to the Ingress and will be used by the Application Gateway for HTTPS traffic.