Hi there,
To begin with, I have successfully deployed OMT for one control node and three worker nodes, and I have a question regarding the certificates.
I am here quoting from the documentation in Communication between OMT and external services:
"The ingress controller is a Kubernetes component that manages incoming requests to services in the Kubernetes cluster. For example, users connect to AppHub by using a web browser. Certificates for the ingress controller can come from a self-signed certificate authority (CA) in OMT, or you can provide them yourself. By default, the CA in OMT generates the ingress controller certificates, unless you upload your own during installation. However, if you don't upload your own certificates, browsers may display an "insecure connection" warning when connecting to OMT. OMT requires the server certificate, server key, and CA certificate for the ingress controller."
But there is no mention of going from a self-signed certificate to a CA-signed (customer's) one.
My question is:
Is it possible to change the self-signed certificate to a CA-signed (customer's) one after the OMT is successfully deployed?
1. If yes, should I follow through by checking and renewing the certificate mentioned in Renew customer provided ingress controller certificates with the customer's CA-signed certificate?
2. If not, what should be done in this situation?
Thanks