VRT System/SSL
To create SSL keys, follow the steps in the Cergen documentation (https://wikitech.wikimedia.org/wiki/Cergen), with the following exceptions:
- The template you create must not have a password defined, as this will result in an encrypted key, and envoy proxy will not be able to use an encrypted key.
- To resolve the above, do not include a password in your template. A sample template is shown below:
    ticket-test.discovery.wmnet:
      authority: puppet_ca
      expiry: null
      alt_names: ["name.example.com", ...]
      key:
        algorithm: ec
- After generating the keys, upload the public key to Puppet in the SSL module. Example change: https://gerrit.wikimedia.org/r/c/operations/puppet/+/959272
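
A check for the password exception above, as an added example that is not part of the original page or of cergen: it classifies a PEM file by its label and headers, so an encrypted key is caught before it reaches envoy proxy. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether a PEM private key
# is encrypted by looking at its PEM label and RFC 1421 style headers.

# Prints one of: unencrypted | encrypted | no-private-key | unreadable
key_state() {
    f="$1"
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    # PKCS#8 encrypted keys have their own PEM label.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo "encrypted"; return 0
    fi
    # Traditional-format keys keep the normal label (EC/RSA PRIVATE KEY) and
    # mark encryption with a "Proc-Type: 4,ENCRYPTED" header line instead.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo "encrypted"; return 0
        fi
        echo "unencrypted"; return 0
    fi
    echo "no-private-key"
}

# Succeeds only for a key that can be loaded without a passphrase.
deployable_key() {
    [ "$(key_state "$1")" = "unencrypted" ]
}

# Constructed sample files: PEM skeletons with a placeholder body, not real keys.
make_samples() {
    d="$1"; body='(constructed-placeholder-body)'
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' "$body" \
        '-----END EC PRIVATE KEY-----' > "$d/plain-ec.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$body" \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/pkcs8-enc.pem"
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' "$body" \
        '-----END EC PRIVATE KEY-----' > "$d/legacy-enc.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' > "$d/cert.pem"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for k in "$demo_dir"/*.pem; do
    printf '%s: %s\n' "${k##*/}" "$(key_state "$k")"
done
rm -rf "$demo_dir"
```

Run `deployable_key` against the generated private key file; a non-zero exit status means the template still defined a password.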