Using TLS certificates with Remediate

By default Puppet Remediate uses self-signed TLS certificates. You can also optionally set and configure your own certificates for Remediate if you prefer.

When you log into Remediate, it uses a self-signed site certificate. If you don't want to use this automatically-generated self-signed cert, you can employ your own certificate signed by a third-party certificate authority.

The Remediate CLI tool contains commands you use to set, unset, and refresh certificates.

  • start --certfile [string] --keyfile [string] - Starts Remediate using the specified certificate and key instead of the default self-signed certificate.
  • set-frontdoor-cert --certfile [string] --keyfile [string] - Restarts Remediate using the specified certificate and key.
  • unset-frontdoor-cert - Unsets any certificates set using either of the above two commands and tells Remediate to use the default sign-signed certificates.
  • refresh-internal-certs - Remediate uses a set of internal Docker certificates that are valid for one year only. On offline instances, expired certificates are not updated automatically on upgrade. Use this command refresh any expired certificates. This command does not refresh any certificates you have set using the above two commands.

For more detailed information on these Remediate CLI commands, see Configuring Remediate.