Use Official Certificate Authority

In production, ESS should run with certificates from an official Certificate Authority (CA) for all external facing services rather than self-signed certificates.

Example Customization

The following customization example uses Let’s Encrypt as the Certificate Authority. Specifically, the customization directs all your Ingress resources to use Let’s Encrypt.

Go to your ESS installation directory:
```
cd ${HOME}/ess
```
Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure). Specifically, add the highlighted content to the kustomization.yaml file under the patches key:
{% hint style="info" %} Tip If the patches key does not exist in kustomization.yaml , add the key patches as well. {% endhint %}

kustomization.yaml in your ESS installation directory... Preceding content omitted for brevity...

patches:`` ``- target: kind: Ingress patch: |- - op: replace path: /metadata/annotations/cert-manager.io~1issuer value: letsencrypt-prod

Continue with the rest of the Applying Your Customizations procedure.

PreviousManage OpenID Token Issuer Allow/Deny Lists NextAdd Custom Certificates to ESS Services

Last updated 9 days ago