Downloading a Certificate
Download enables DevOps teams and application owners to retrieve a certificate from the certificate inventory for an application deployed in the desired Kubernetes cluster. The downloaded certificate can be deployed directly to Kubernetes secrets or to the local volumes of the Kubernetes pods or containers.
- A valid certificate and key available in the certificate inventory of KUBE+.
To download a certificate:
- Go to menu > KUBE+ > Cluster Security > Secure Apps.
- Click Download.
- On the Download Certificate page, enter/select the field information in the General Information section for the CertLoad resource to be created on the Kubernetes cluster.

Table 1. Download Certificate - Field and Description

| Field | Description |
| --- | --- |
| Certificate Type | The type of certificate to be downloaded from the inventory. The type can be either 'Server' or 'Client'. |
| Common Name | Common name of the certificate. |
| Look for certificates in Inventory | The 'Search' button allows you to retrieve certificates based on the provided common name. |
| Select Certificate | Select the certificate from the search results. |
| Serial Number | Select the associated serial number of the certificate. |
| Certificate Name | Enter a Certificate Name for certificate storage within the K8s cluster. |
| Download To | Select the endpoint where the cert is to be deployed. The options are Secret (KUBE+ enrolls the certificate and stores the signed certificate and key in a k8s secret) and POD (KUBE+ has a CSI provider, which provisions certificates in the pod's local volume). |
| Namespace | The name of the namespace within the Kubernetes cluster where the secret will be created. |
| Secret Name | Enter a Secret Name for storing the certificate within the K8s cluster. |
| Format | The certificate file format that should be downloaded to the pod. The supported formats include PEM, PFX, P12, and JKS. |
| Encoding | The encoding type of the file content. Supported types include utf-8, hex, and base64. |
| Password | If the certificate download is password-protected, provide the password. |
| Alias Name | The alias name in the keystore for the certificate file, when it is in JKS format. |
| Alias Password | The password for the alias. |
| Is CA Required | Download the trust store for the enrolled certificate. Setting this to "False" results in the download of only leaf certificates. |
| File Name | The name of the certificate file to be created in the pod. |

- Click Generate YAML to get the certificate to be downloaded in the Download YAML field.
- Copy and deploy the YAML in the cluster to retrieve the certificate from the Inventory. After the deployment is finished, click Cancel.
- Alternatively, the YAML configuration can also be downloaded as a YAML file.