Change TLS settings between client and CRDP

In the values.yaml file, under configuration, update the value of servermode to tls-cert.

Add the below lines to the data section of kind:Secret in the deployment.yaml file.

    data:
        server.crt: {{.Values.configuration.servercrt}}
        server.key: {{.Values.configuration.serverkey}}
        trustedca: {{.Values.configuration.trustedca}}

Update your CRDP deployment using the following command.

        helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>

In your deployment file, in the data section of ConfigMap, set SERVER_MODE to tls-cert.

Add the below lines to the data section of kind:Secret in the deployment.yaml file.

    data:
    server.crt: {{.Values.configuration.servercrt}}
    server.key: {{.Values.configuration.serverkey}}
    trustedca: {{.Values.configuration.trustedca}}

Update your CRDP deployment using the following command.

    kubectl replace -f <deployment_filename> -n <namespace>

Stop the existing container.

In the environment variable, set the SERVER_MODE field to tls-cert. When SERVER_MODE is set to tls-cert, you must also specify the following environment variables:

• CERT_VALUE

• KEY_VALUE

• TRUSTED_CA

Restart the container using the following command.

    docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=tls-cert -e CERT_VALUE=<> -e KEY_VALUE=<> -e TRUSTED_CA=<> <crdp_image_name>

Now, CRDP will verify the certificate presented by the client.

In the values.yaml file, under configuration, update the value of servermode to tls-cert-opt.

Add the below lines to the data section of kind:Secret in the deployment.yaml file.

    data:
        server.crt: {{.Values.configuration.servercrt}}
        server.key: {{.Values.configuration.serverkey}}

Update your CRDP deployment using the following command.

        helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>

In your deployment file, in the data section of ConfigMap, set SERVER_MODE to tls-cert-opt.

Add the below lines to the data section of kind:Secret in the deployment.yaml file.

    data:
        server.crt: {{.Values.configuration.servercrt}}
        server.key: {{.Values.configuration.serverkey}}

Update your CRDP deployment using the following command.

    kubectl replace -f <deployment_filename> -n <namespace>

Stop the existing container.

In the environment variable, set the SERVER_MODE field to tls-cert-opt. When SERVER_MODE is set to tls-cert-opt, you must also specify the following environment variables:

• CERT_VALUE

• KEY_VALUE

Restart the container using the following command.

    docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=tls-cert-opt -e CERT_VALUE=<> -e KEY_VALUE=<> <crdp_image_name>

In the values.yaml file, under configuration, update the value of servermode to no-tls.

Update your CRDP deployment using the following command.

        helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>

In your deployment file, in the data section of ConfigMap, set SERVER_MODE to no-tls.

Update your CRDP deployment using the following command.

    kubectl replace -f <deployment_filename> -n <namespace>

Stop the existing container.

In the environment variable, set the SERVER_MODE field to no-tls.

Restart the container using the following command.

    docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=no-tls <crdp_image_name>