VRT System/SSL

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

To create SSL keys you can easily follow the steps here (https://wikitech.wikimedia.org/wiki/Cergen) but with the following exceptions:

The template you create must not have a password defined as this will result in an encrypted key and envoy proxy will not be able to use it.
To resolve the above, do not include a password in your template. A sample template is shown below:

ticket-test.discovery.wmnet:
  authority: puppet_ca
  expiry: null
  alt_names: ["name.example.com",  ...]
  key:
    algorithm: ec

After generating the keys, upload the public key to puppet in the SSL module. Example change (https://gerrit.wikimedia.org/r/c/operations/puppet/+/959272)