Updating TLS/SSL certificates#
You can replace the self-signed certificates Data Science & AI Workbench generates during installation at any time.
Preparing for the update#
Anaconda recommends that you gather the following information and files before you proceed. If you are using the admin console, place your files in a location where you can view them to copy their contents into the applicable fields within the UI. If you are updating your certificates using the command line, you’ll need to copy your files to the server.
- Most installations will need the following items:
The fully qualified domain name (FQDN) of the server
The public SSL certificate for the domain:
tls.crt
The private SSL key for the domain:
tls.key
If applicable, the intermediate certificate bundle:
intermediate.pem
If your certificate was issued by a private root CA, the public certificate for that CA:
rootca.crt
- If you are using LetsEncrypt, your filenames will be different:
The public SSL certificate for the domain:
cert.pem
The private SSL key for the domain:
privkey.pem
The intermediate certificate bundle:
chain.pem
No root CA file is needed in this case.
- If you are using a different domain and/or SSL certificate for the session/deployment subdomains, you also need:
The wildcard subdomain FQDN
The public SSL certificate for the wildcard subdomain:
wildcard.crt
The private SSL key for the wildcard subdomain:
wildcard.key
Note
Workbench assumes that the intermediate certificate and root CA (if applicable) are identical for both certificates.
Workbench version 5.6+ automatically applies the updated SSL certificates to all running sessions and deployments.
Updating SSL certificates#
You can update your TLS/SSL certificates using the Workbench administrator console.
Log in to Workbench as an administrator.
Open the My Account dropdown menu and select Admin Console.
Select Web Certificates from the left-hand menu.
Enter your certificate and key information from the files you gathered during preparation into the appropriate fields. Make sure to paste the content of each file into the appropriate box, not the filenames.
Domain name: The server FQDN
SSL Certificate:
tls.crt
/cert.pem
SSL Private Key:
tls.key
/privkey.pem
Root Certificate:
rootca.crt
if applicableIntermediate Certificate:
intermediate.pem
/chain.pem
if applicableWildcard Domain: The subdomain FQDN if applicable; the server FQDN again if not. Do not include an asterisk.
Wildcard Certificate:
wildcard.crt
if applicable;tls.crt
/cert.pem
if not.Wildcard Private Key:
wildcard.key
if applicable;tls.key
/privkey.pem
if not.
Click Save to update the platform with your changes.
If your root CA has changed, restart the Workbench system pods to ensure the pods that use this certificate pick up the new copy by running the following command:
# Replace <NAMESPACE> with your Workbench cluster namespace kubectl delete -n <NAMESPACE> --wait=false $(kubectl get pods -o name|grep ap-)
Note
If you use the Workbench CLI, you must configure the certificates there as well.