This document is OUTDATED.
Need to updated with latest design for setting up HTTPS
Bahmni EKS clusters out of box comes with Kubernetes Ingress Controller Fake Certificate. End-to-end TLS encyprtion is required in order to ensure our channel / data transmission is encrypted and in addition its equally important for regularity requirements like PCI and HIPPA etc.
...
The certificate should be issues in
us-east-1 (Virginia)in order to be used byCloudFrontUse wild card to support the same certificate by sub domains or list all your domains with sub domains e.g.
*.mybahmni.in(note that single * would only support single subdomain, if you have multiple subdomains such as sub1.sub2.example.com, then you would need to add multiple wildcards*.*.example.com)
...
Once the certificate is Issued, go inside the certificate and "Create Record in Route 53" under Domains to create CNAME(s) for the issued domain(s) in Route53
...