Manual TLS Certificates How-to - Provision certificates

Provide Certificates

1. Deploy Manual TLS Certificates

juju deploy manual-tls-certificates

Relate it to the charm requiring TLS Certificates:

juju relate manual-tls-certificates <your-charm>

2. Retrieve the certificate signing request

Retrieve all certificate signing requests that don’t have certificates already provided:

juju run manual-tls-certificates/leader get-outstanding-certificate-requests

For the specific relation ID associated to your charm, retrieve the certificate signing request:

juju run manual-tls-certificates/leader get-certificate-request relation-id=<id>

The output of this action is the certificate signing request, use it to obtain a signed TLS Certificate.

3. Provide the certificate

Once you have the certificate signed, provide it to the requiring charm using this action:

juju run manual-tls-certificates/leader provide-certificate \
  relation-id=<id> \
  certificate="$(base64 -w0 certificate.pem)" \
  ca-chain="$(base64 -w0 ca_chain.pem)" \
  ca-certificate="$(base64 -w0 ca_certificate.pem)" \
  certificate-signing-request="$(base64 -w0 csr.pem)" \
  unit-name="<unit-name>"

At this point the certificate is available for the requirer unit which requested it.