Updating TLS Certificates for On-Prem Admin

Each Replicated installation requires customers to either use a locally generated
self-signed TLS/SSL cert or provide their own certs during setup.

Secure The Console

If after initial setup this needs to be changed, it can be done so from the command
line by using the
SSL cert set CLI command
or via the UI at https://:8800/console/settings

Console Settings

As of Replicated 2.25, provided certs will be used for internal Replicated communication in addition to serving the admin console. For the Replicated Docker registry to use the provided cert the server IP address must be listed as a SAN in the certificate. If the IP is not present Replicated will use a self-signed certificate for the internal Docker registry, but will still use the provided certificate for other internal communication.

This IP address will be the private address chosen during the installation. It will be either auto-detected by the install script (if there is only one physical interface) or it will be selected manually by the person installing replicated.

After Replicated has been installed, the IP address can be checked by running replicatedctl params export | grep RegistryAdvertiseAddress

Certificates must use RSA key pairs. ECC is not yet supported.