How to install TLS certificates

When no tls certificates are provided the platform will create a self-signed TLS certificate on its first start. This self-signed certificates lead to security warnings in the browsers when accessing the web interface of the platform.

To overcome this warnings in a productive system, the platform provides capabilities to exchange the self-signed certificates with valid ones:

  1. Rename the certificate and key file to tls.crt and tls.key and place it in the directory next to the deploy_platform.sh script.

  2. Run ./deploy_platform.sh --install-certs

  3. Optional: To make the installed certificates outlast redeployments of the platform, place tls.crt and tls.key in $FAST_DATA_DIR/tls (the value of FAST_DATA_DIR is set in deploy_platform.sh.)

This procedure will also restart the pods of the platform related for TLS and the new certificate will be used for any subsequent https requests.