If you want to use your own certificate for the configured domain, you need the following files (in PEM format):

  • The certificate

  • The certificate’s private key

  • The CA bundle (containing the root and intermediate certificates)

Specify the local file path to these files in the installation config file:

apiVersion: config.kommander.mesosphere.io/v1alpha1
kind: Installation

clusterHostname: <mycluster.example.com>
  certificate: <certs/cert.pem>
  private_key: <certs/key.pem>
  ca: <certs/ca.pem>

Certificates that Support ACME

You can configure the cert-manager to automatically issue a trusted certificate for the configured custom domain. The cert-manager also takes care of renewing the certificate before expiration.

The certificate must be supported by the Automatic Certificate Management Environment or ACME protocol.

Before you start, gather all relevant information (domain, email, keys, PEM file, others) from your certificate provider. We provide a few examples in the next sections: