Updated tf-run.data with instruction on obtaining sub-CA cert and Tru…

…st Chain
terraform-modules · Jan 9, 2024 · 065e01c · 065e01c
1 parent 423c84f
commit 065e01c
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data
@@ -40,8 +40,11 @@ COMMAND git-secret hide -m
 COMMAND git add certs/*.key.secret
 COMMENT execute:  git commit -m add-pki-key -a
 
-COMMENT submit certs/*csr using command ouptut listed in apply to TCO for signing
-COMMENT Once that is available, change cert_download to true.  If you have received a certificate manually, from the new MS CA, do NOT change cert_download
+COMMENT Submit certs/*csr using command ouptut listed in apply to TCO for signing
+COMMENT When submitting the form to request TCO to provision the certifcate, in the Additional Information field, enter "requesting sub-CA certificate".
+COMMENT Then contact the TCO team to inform them of the ticket number from the form submission, to raise their awareness of the sub-CA certifcate type.
+COMMENT Also request the TCO team to provide the Trust Chain along with the sub-CA certificate.
+COMMENT Once the sub-CA certificate and Trust Chain files are available, put the sub-CA certificate file under the certs folder and the Trust Chain under certs/root.
 STOP Wait for certificate to be signed, then continue with %%NEXT%%.
 
 TAG have-certificate
@@ -50,6 +53,7 @@ module.cert
 ALL
 ALL
 
+COMMENT Manually append the Trust Chain to the generated certificate bundle
 COMMENT cd cluster-autoscaler and tf-run.sh apply
 COMMENT come back to this directory
 COMMENT cd cloudwatch-agent and tf-run.sh apply