eclipse-che · tolusha · Jul 20, 2023 · Jul 13, 2023 · Jul 17, 2023 · Jul 18, 2023
@@ -0,0 +1 @@
+* xref:configuring-che-with-self-signed-certificate.adoc[]
@@ -55,6 +55,7 @@
 ** xref:configuring-networking.adoc[]
 *** xref:configuring-network-policies.adoc[]
 *** xref:configuring-che-hostname.adoc[]
+*** xref:configuring-che-with-self-signed-certificate.adoc[]
 *** xref:importing-untrusted-tls-certificates.adoc[]
 *** xref:adding-labels-and-annotations.adoc[]
 ** xref:configuring-storage.adoc[]

@@ -0,0 +1,66 @@
+:_content-type: PROCEDURE
+:description: Configuring {prod-short} with self-signed certificates
+:keywords: administration guide, configuring, {prod}, {prod-short}, self-signed, certificate
+:navtitle: Configuring {prod-short} with self-signed certificates
+:page-aliases: installation-guide:configuring-che-with-self-signed-certificate.adoc
+
+[id="configuring-{prod-id-short}-with-self-signed-certificate"]
+= Configuring {prod} with self-signed certificate
+
+By default `{prod-cli}` creates a {kubernetes} Job to generate self-signed certificate to deploy {prod-short} with.
+This procedure describes how to configure a custom self-signed certificate on prior of deploying {prod-short}.
+
+.Prerequisites
+
+* An active `{orch-cli}` session with administrative permissions to the destination {orch-name} cluster. See {orch-cli-link}.
+
+* Generated certificate and private key files.
+
+.Procedure
+
+. Pre-create a {orch-namespace} for {prod-short}:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create {orch-namespace} {prod-namespace}
+----
+
+. Create a `che-tls` secret:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create secret tls che-tls \
+--key __<key_file>__ \ <1>
+--cert __<cert_file>__ \ <2>
+-n {prod-namespace}
+----
+<1> A file with the private key in PEM format
+<2> A file with the public key certificates in PEM format
+
+. Add the required labels to the secret:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} label secret che-tls app.kubernetes.io/part-of=che.eclipse.org -n {prod-namespace}
+----
+
+. Create a `self-signed-certificate` secret:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create secret generic self-signed-certificate \
+--from-file=ca.crt=__<certitifcate_chain_of_trust_file>__ \ <1>
+-n {prod-namespace}
+----
+<1> A file with certificate chain of trust in PEM format
+
+. Add the required labels to the secret:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} label secret self-signed-certificate app.kubernetes.io/part-of=che.eclipse.org -n {prod-namespace}
+----
+
+.Additional resources
+
+* xref:installing-che.adoc[]
@@ -9,5 +9,6 @@
 
 * xref:configuring-network-policies.adoc[]
 * xref:configuring-che-hostname.adoc[]
+include::example$snip_{project-context}-xref-configuring-che-with-self-signed-certificate.adoc[]
 * xref:importing-untrusted-tls-certificates.adoc[]
 * xref:adding-labels-and-annotations.adoc[]
@@ -341,3 +341,7 @@ $ {prod-cli} dashboard:open
 ----
 
 . Log in to the {prod-short} instance with *Username:* `test` and *Password:* `test`.
+
+.Additional resources
+
+* xref:configuring-che-with-self-signed-certificate.adoc[]
@@ -49,3 +49,6 @@ $ {prod-cli} server:status
 ----
 $ {prod-cli} dashboard:open
 ----
+.Additional resources
+
+* xref:configuring-che-with-self-signed-certificate.adoc[]