SSL Certificates

Barrett Falk edited this page Jun 20, 2024 · 3 revisions

Create CSR File

The following instructions were written on a Mac. The same commands should work on Linux and Windows, provided openssl is installed.

  1. Create a file named passphrase.txt with a strong password in it.
  2. Create a private key: openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
  3. Create the CSR file: openssl req -new -passin file:passphrase.txt -key private.key -out natcomplaints.nrs.gov.bc.ca.csr -subj "/C=CA/ST=British Columbia/L=Victoria/O=Government of the Province of British Columbia/OU=FLNRORD/CN=natcomplaints.nrs.gov.bc.ca"
  4. In OpenShift, go to the route, copy the key, and place it in a file named .key
  5. In the same directory, create a new file named passphrase.txt with a strong password as its contents.
  6. Run this command: openssl req -new -passin file:passphrase.txt -key natcomplaints.nrs.gov.bc.ca.key -out natcomplaints.nrs.gov.bc.ca.csr -subj "/C=CA/ST=British Columbia/L=Victoria/O=Government of the Province of British Columbia/OU=FLNRORD/CN=natcomplaints.nrs.gov.bc.ca"
  7. Request a new cert (e.g. https://apps.nrs.gov.bc.ca/int/jira/browse/INFRA-23115). Note: if you don't have permission for the INFRA project, you'll get a 404 or a permission denied error.
  8. Wait until the certificate is created.

Apply SSL Cert

  1. Once the certificate is generated, you'll get a certificate and an L1K Chain.txt file.
  2. Log into OpenShift and navigate to the production Vanity URL (https://console.apps.silver.devops.gov.bc.ca/k8s/ns/c1c7ed-prod/routes/natcomplaints-vanity)
  3. Edit the route.
  4. Copy and paste the generated cert in the route's certificate field.
  5. Copy and paste the key in the route's private key field.
  6. Copy and paste the new cert followed by the L1K file (two certs back to back, same field).
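
Neither procedure above confirms that the CSR, the issued certificate and the key (generated in step 2 or copied from the route in step 4) belong together. The script below is an added example, not part of the original page, that compares the public key inside each file. The file names, subject and self-signed stand-in certificate are constructed for the demonstration, and it assumes an unencrypted key and openssl on the PATH.

```shell
#!/bin/sh
# Added example: check that a private key, a CSR and a certificate share one public key.
# All file names and the subject are constructed placeholders.

# pub_digest KIND FILE -> SHA-256 (hex) of the DER public key in FILE.
# KIND is key (unencrypted private key, as step 2 produces), csr or cert.
pub_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable file, or FILE is not of that KIND
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_key KIND1 FILE1 KIND2 FILE2 -> exit 0 only if both hold the same public key.
same_key() {
    a=$(pub_digest "$1" "$2") || return 1
    b=$(pub_digest "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# make_fixtures DIR -> constructed test material: two keys, a CSR and a
# self-signed stand-in for the issued certificate, both made from private.key.
make_fixtures() {
    subj="/C=CA/O=Constructed Example/CN=test.example.invalid"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/private.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/other.key" 2>/dev/null
    openssl req -new -key "$1/private.key" -subj "$subj" -out "$1/site.csr" 2>/dev/null
    openssl req -new -x509 -days 1 -key "$1/private.key" -subj "$subj" -out "$1/site.crt" 2>/dev/null
}

# Stand-alone run on constructed files in a throwaway directory.
tmp=$(mktemp -d) && make_fixtures "$tmp"
same_key key "$tmp/private.key" csr  "$tmp/site.csr" && echo "CSR matches private.key"
same_key key "$tmp/private.key" cert "$tmp/site.crt" && echo "cert matches private.key"
same_key key "$tmp/other.key"   cert "$tmp/site.crt" || echo "cert does NOT match other.key"
rm -rf "$tmp"
```

Run same_key with key and csr before filing the request, and with key and cert before editing the route.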