From 065e01c590229ebb6d57b2978c365efac585b9dd Mon Sep 17 00:00:00 2001 From: dang0317 Date: Tue, 9 Jan 2024 15:31:15 -0500 Subject: [PATCH] Updated tf-run.data with instruction on obtaining sub-CA cert and Trust Chain --- .../1.28/common-services/tf-run.data | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data index 10f6f01..b71a5ea 100644 --- a/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data +++ b/examples/full-cluster-tf-upgrade/1.28/common-services/tf-run.data @@ -40,8 +40,11 @@ COMMAND git-secret hide -m COMMAND git add certs/*.key.secret COMMENT execute: git commit -m add-pki-key -a -COMMENT submit certs/*csr using command ouptut listed in apply to TCO for signing -COMMENT Once that is available, change cert_download to true. If you have received a certificate manually, from the new MS CA, do NOT change cert_download +COMMENT Submit certs/*csr using command ouptut listed in apply to TCO for signing +COMMENT When submitting the form to request TCO to provision the certifcate, in the Additional Information field, enter "requesting sub-CA certificate". +COMMENT Then contact the TCO team to inform them of the ticket number from the form submission, to raise their awareness of the sub-CA certifcate type. +COMMENT Also request the TCO team to provide the Trust Chain along with the sub-CA certificate. +COMMENT Once the sub-CA certificate and Trust Chain files are available, put the sub-CA certificate file under the certs folder and the Trust Chain under certs/root. STOP Wait for certificate to be signed, then continue with %%NEXT%%. TAG have-certificate @@ -50,6 +53,7 @@ module.cert ALL ALL +COMMENT Manually append the Trust Chain to the generated certificate bundle COMMENT cd cluster-autoscaler and tf-run.sh apply COMMENT come back to this directory COMMENT cd cloudwatch-agent and tf-run.sh apply