Update cluster TLS certificate process for Globalsign

README.md

@@ -115,13 +115,53 @@ i.e. "${var.environment}-${var.config}-teacherservices-cloud"
 
 e.g. cluster99-development-teacherservices-cloud
 
+#### GlobalSign certificate generation
+
+##### Generate value for DNS record
+1. Login to GlobalSign with a Service Account
+2. Select Managed SSL -> Select Add Domain
+3. Enter ‘teacherservices.cloud’
+4. Add point of contact(A senior Civil Servant)
+5. Select DNS Verification(on next page)
+
+The feedback should look something like:
+    *Thank you for submitting your application. Your order number is DSMS20003575933.
+    Domain: teacherservices.cloud
+    The DNS value for this domain is:
+
+    XXXXXXXXXXX=XXXXXXXXXXXXXXXXXX*
+
+##### Add generated value to DNS zone
+
+1. Go to DNS Zone in Azure and then select teacherservices.cloud
+2. Create or update a record named @, with type TXT, setting the value to to the value generated in Globalsign (or add as an additional value, if it had a value already)
+
+##### Verify Domain
+
+1. Select ‘Manage Domains’ in GlobalSign
+2. Search for teacherservices.cloud and select the green check mark
+3. Select verify domain
+4. You should receive a feedback [Your domain has been successfully verified.]
+
+##### Create Certificate in Azure
+
+Pre-requisites:
+Ensure CAA record(for teacherservices.cloud) allows GlobalSign, if not add it, this follows the pattern Flags = 0, Tag = issue, value =“globalsign.com”
+reference: https://support.globalsign.com/ssl/general-ssl/how-add-dns-caa-record-dns-zone-file
+
+1. Navigate to Key Vaults, select the applicable Key vault 
+2. Either create a new certificate or generate a new version of an existing certificate(the latter is preferred where possible) - Validity is typically left at 12 months
+
+
 ## Cluster DNS zone configuration
 
 There are two DNS zones for cluster DNS.
 
     - teacherservices.cloud (prod zone)
     - development.teacherservices.cloud (dev zone)
 
+
+
 ### Zone Build
 
 ```