Breadcrumbs

TLS configuration for Artemis System Service

TLS automation configuration script for Artemis.

  1. Navigate to /kubernetes/scripts.

  2. Open generate-artemis-certs.sh file and setup artemis svc name or IP address in SUBJECT_ALT_NAMES as below screenshot.

Use:
1. svc-name when running artemis as helm based

  1. VM IP address when running artemis as system service.

Screenshot 2026-06-10 at 12.58.03.png

  1. Generate new certificates.

    ### Give permissions
chmod +x generate-artemis-certs.sh

### Execute script
./generate-artemis-certs.sh

  2. Go to kubernetes path and re-apply secrets for newly generated certificates in both expertflow and ef-external namespaces.

    #### Delete old secret from ef-external
kubectl delete -f ./pre-deployment/static-tls/activemq-tls.yaml -n ef-external

#### Delete old secret from expertflow
kubectl delete -f ./pre-deployment/static-tls/activemq-tls.yaml -n expertflow

#### Apply to ef-external
kubectl apply -f ./pre-deployment/static-tls/activemq-tls.yaml -n ef-external

#### Apply to expertflow
kubectl apply -f ./pre-deployment/static-tls/activemq-tls.yaml -n expertflow

  3. When deploying CX Core, update these variables in helm-values/ef-cx-custom-values.yaml

    # helm-values/ef-cx-custom-values.yaml
efConnectionVars:
    ACTIVEMQ_SSL_VERIFY_HOST: "true"
    ACTIVEMQ_SSL_TRUST_ALL: "false"

  4. Restart pods if there are any pods running, to be able to establish a connection with newly generated certificates.

    ### Restart pods in expertflow namespace
k delete pods -n expertflow --all