Before you begin
We strongly recommend using a fully qualified domain name for the Microsegmentation Console.
You will require three different DNS records, for example:
https://microsegmentation.acme.comfor the web interface
https://api.microsegmentation.acme.comfor the API
https://monitoring.microsegmentation.acme.comfor the monitoring if you choose to deploy it (recommended)
Most Kubernetes providers assign service IPs and URLs only at the time of deployment. You will then need to make the link between the URL above and what is assigned. Voila will help you with that process.
If you are using an Amazon ELB you cannot use its URL as the full qualified domain name for the services as it will cause issues with cookie policies in the web browser.
Using custom certificates
By default, the Microsegmentation Console uses a certificate signed by a certificate authority (CA) generated in the Voila environment. They won’t be trusted by browsers and other clients unless you choose to deploy and trust the certificate authority (CA) to the machine that will access the web interface or the API.
If you wish to supply the Microsegmentation Console with custom certificates, complete the following preliminary steps.
Given the following Microsegmentation Console DNS records above:
- User interface accessible from
- API accessible from
- (optional) Monitoring accessible from
Request an X.509 certificate issued by a trusted CA with the following information:
- Common name (CN):
- Subject alternative names (SAN):
Note: You can use a wildcard
*.microsegmentation.acme.com as well if needed.
Once done you should have the following certificates in X.509 format:
- A CA chain with intermediate chain if any named
- A certificate issued the above CA named
- A private key not protected by passphrase named