Installing Trusted Certificate for GUI/API Access

The steps to install a trusted certificate for GUI/API access is follows:
  1. To create a secret external-tls-credential of type tls, execute the following command: 
    kubectl --kubeconfig=~/.kube/config create -n istio-system secret tls external-tls-credential --key=/etc/qualys/ssl/appviewx.com.key --cert=/etc/qualys/ssl/ssl-bundle.crt
    For example:
    kubectl --kubeconfig=~/.kube/config create -n istio-system secret tls external-tls-credential --key=/etc/qualys/ssl/appviewx.com.key --cert=/etc/qualys/ssl/ssl-bundle.crt

    where:

    • ~/.kube/config should be present in each node
    • ~/.kube will be present in the home folder of the installing user
  2. Replace secret name tls-credential with external-tls-credential in the values.yaml file.
    Note: The values.yaml file is available at installerLocation/appviewx_kubernetes/yaml/appviewx_plugins/avx_platform_web/chart/
    • To replace, execute the following command: 
      sed -i 's/tls-credential/external-tls-credential/g' <installerLocation>/appviewx_kubernetes/yaml/appviewx_plugins/avx_platform_web/chart/values.yaml
  3. Update the Gateway to consume the latest changes:
    1. To navigate to the <installerLocation>/appviewx_kubernetes/yaml/appviewx_plugins/avx_platform_web directory, execute the following command: 
      cd <installerLocation>/appviewx_kubernetes/yaml/appviewx_plugins/avx_platform_web
    2. To upgrade the avx-platform-web package to reflect changes, execute the following command:
      helm upgrade avx-platform-web ./chart
  4. Verify the application URL to check SSL is enabled.
  5. Verify the certificate by launching the Appviewx portal.
    The URL is https://<Service URL>:Port>/appviewx