Until BOSH implements automatic TLS certificate configuration, the way to enable TLS for on-demand services (that support TLS in the first place) is:
1. cf create-service
2. cf create-service-key (the key is needed to get the address(es) of the ODB instance)
3. cf update-service -c (update the service with the addresses for TLS)
4. cf delete-service-key
This CF CLI plugin automates these steps. It provides two commands:
For a new service instance, you can automate all four steps. Just run cf create-service-with-tls with all the arguments you'd pass to cf create-service. For example:
cf create-service-with-tls p.mysql db-small mydb
This plugin will first execute cf create-service and then immediately cf enable-tls, so you'll get a ready-to-use service with TLS already enabled.
For existing service instances, you can use cf enable-tls to configure TLS. It will perform steps 2-4 for you automatically. For example:
cf enable-tls mydb
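For comparison, manual steps 2-4 for one existing instance can be scripted as below. This is an added example, not the plugin's own code. It assumes the service key JSON exposes a "hostname" field and that the service accepts a parameter of the form {"enable_tls": ["<hostname>"]}; both are assumptions that may differ per service, and the key name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: manual TLS enablement (steps 2-4) for an existing instance.
# Assumptions, not taken from the page: the service key JSON contains a
# "hostname" field, and the service accepts {"enable_tls": ["<hostname>"]}.

# Read `cf service-key` output on stdin (a status line followed by JSON)
# and print the first "hostname" value found.
extract_hostname() {
  sed -n 's/.*"hostname"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

enable_tls_manually() {
  local instance="$1" key="tls-setup-key-$$" host rc=0

  # Step 2: a temporary key is the only way to learn the instance address.
  cf create-service-key "$instance" "$key" || return 1
  host="$(cf service-key "$instance" "$key" | extract_hostname)"

  if [ -z "$host" ]; then
    echo "no hostname found in service key for $instance" >&2
    rc=1
  else
    # Step 3: pass the address back so the certificate is issued for it.
    cf update-service "$instance" -c "{\"enable_tls\": [\"$host\"]}" || rc=1
  fi

  # Step 4 runs on every path: the temporary key carries credentials and
  # must not be left behind when an earlier step fails.
  cf delete-service-key -f "$instance" "$key" || rc=1
  return "$rc"
}

# Usage: ./enable-tls-manually.sh mydb
if [ "$#" -gt 0 ]; then
  enable_tls_manually "$1"
fi
```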
Currently this plugin supports the following services:
- MySQL for PCF 2.3+
- RabbitMQ for PCF 1.13+
go build
cf install-plugin cf-cli-enable-tls-plugin