Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

This document is OUTDATED.

Need to updated with latest design for setting up HTTPS

Bahmni EKS clusters out of box comes with Kubernetes Ingress Controller Fake Certificate. End-to-end TLS encyprtion is required in order to ensure our channel / data transmission is encrypted and in addition its equally important for regularity requirements like PCI and HIPPA etc.


  • The certificate should be issues in us-east-1 (Virginia) in order to be used by CloudFront

  • Use wild card to support the same certificate by sub domains or list all your domains with sub domains e.g.* (note that single * would only support single subdomain, if you have multiple subdomains such as, then you would need to add multiple wildcards *.*


Once the certificate is Issued, go inside the certificate and "Create Record in Route 53" under Domains to create CNAME(s) for the issued domain(s) in Route53