Add custom SSL certificate to Pliant
Pliant by default uses HTTPS with a self signed certificate. This will cause a security warning in the browser that users have to click past to get to Pliant. If they replace that certificate with a certificate that has been signed by a trusted Certificate Authority (CA), then the warnings no longer appear.
Pliant recommends using the full certificate chain in your certificate file if possible.
We assume here that the user has already generated the private key and gotten the signed certificate from a trusted CA. If this is not the case, an example of how to proceed is here: SSL Store Example
If your key and cert are in a pfx file, you will need to convert that file into two files:
cert.pem (containing the SSL cert or full cert chain)
key.pem (containing only the private key)
Upload the certificate and private key files to the Pliant host or Kubernetes management station
SSH to the Pliant host or Kubernetes management station
Rename the certificate file to “cert.pem” and the key file to “key.pem”, then place them into a directory called “cert”. You can use the following commands:
3a. Add the current paths/names of the certificate and key files here
3b. Create a directory to temporarily hold the cert/key pair
3c. Move the certificate and key into that folder with new names
If you are replacing a previous custom SSL cert, you must delete it first using this command:
kubectl delete secret pliant-ssl-cert
4. Create a Kubernetes secret object from that directory
5. Patch the pliant-proxy deployment so that it will use the new secret. Paste in all of the following text as a single command:
The pliant-proxy will then restart automatically. Any subsequent sessions to the Pliant web interface or remote API connections will use the new certificate.
If the new SSL cert is still not appearing, use this command to restart the pliant-proxy:
kubectl rollout restart deployment pliant-proxy