In correlation with the end of life (EOL) for MKE 3.4.x, maintenance of this documentation set was discontinued as of 2023-APR-11. Click
here for the latest MKE 3.x version documentation.
Use an External Certificate Authority
You can customize MKE to use certificates signed by an External
Certificate Authority (ECA). When using your own certificates,
include a certificate bundle with the following:
ca.pem
file with the root CA public certificate.
cert.pem
file with the server certificate and any intermediate CA
public certificates. This certificate should also have Subject Alternative
Names (SANs) for all addresses used to reach the MKE manager.
key.pem
file with a server private key.
You can either use separate certificates for every manager node or one
certificate for all managers. If you use separate certificates, you must use a
common SAN throughout. For example, MKE permits the following on a three-node
cluster:
node1.company.example.org
with the SAN mke.company.org
node2.company.example.org
with the SAN mke.company.org
node3.company.example.org
with the SAN mke.company.org
If you use a single certificate for all manager nodes, MKE automatically copies
the certificate files both to new manager nodes and to those promoted to a
manager role.