Add SSL certificate for Cloudbreak web UI
By default Cloudbreak has been configured with a self-signed certificate for access via HTTPS. This is sufficient for many deployments such as trials, development, testing, or staging. However, for production deployments, a trusted certificate is preferred and can be configured in the controller. Follow these steps to configure the cloud controller to use your own trusted certificate.
To use your own certificate, you must have:
- A resolvable fully qualified domain name (FQDN) for the controller host IP address. For example, this can be set up in Amazon Route 53.
- A valid SSL certificate for this fully qualified domain name. The certificate can be obtained from a number of certificate providers.
1. SSH to the Cloudbreak host instance:
   ssh -i mykeypair.pem cloudbreak@[CONTROLLER-IP-ADDRESS]
2. Make sure that the target fully qualified domain name (FQDN) which you plan to use for Cloudbreak is resolvable:
3. Browse to the Cloudbreak deployment directory and edit the
4. Replace the value of the PUBLIC_IP variable with the
5. Copy your private key and certificate files for the FQDN onto the Cloudbreak host. These files must be placed under
   File permissions for the private key and certificate files can be set to 600.

   | File | Example |
   | --- | --- |
   | PRIV-KEY-LOCATION | /var/lib/cloudbreak-deployment/certs/traefik/hdcloud.example.com.key |
   | CERT-LOCATION | /var/lib/cloudbreak-deployment/certs/traefik/hdcloud.example.com.crt |

6. Configure TLS details in your Profile by adding the following line at the end of the file.
   PRIV-KEY-LOCATION are file locations from Step 5, starting at the
7. Restart Cloudbreak deployer:
8. Using your web browser, access the Cloudbreak UI using the new resolvable fully qualified domain name.
9. Confirm that the connection is SSL-protected and that the certificate used is the certificate that you provided to Cloudbreak.
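
The final confirmation can also be scripted. The following is an added example, not part of the Cloudbreak documentation: it checks that the key and certificate files are mode 600 and that the certificate served over HTTPS is byte-for-byte the one copied to the host. The function names, the script name and port 443 are assumptions, as is the first PEM block in the certificate file being the server certificate.

```python
import hashlib
import os
import socket
import ssl
import stat
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def pem_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (assumed to be the leaf)."""
    start = pem_text.index(BEGIN)
    end = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()

def mode_is_600(path):
    """True when only the owner can read and write the file (mode 600)."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600

def served_fingerprint(host, port=443):
    """SHA-256 of the certificate the server presents (port 443 is assumed).

    The default context validates the chain and the host name, so a
    self-signed or mismatched certificate raises ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()

def check(host, cert_path, key_path):
    """Run all three checks and return a name -> bool mapping."""
    with open(cert_path) as fh:
        local = pem_fingerprint(fh.read())
    return {
        "key_mode_600": mode_is_600(key_path),
        "cert_mode_600": mode_is_600(cert_path),
        "served_matches_local": served_fingerprint(host) == local,
    }

if __name__ == "__main__":
    # Hypothetical usage: python3 check_tls.py FQDN CERT-LOCATION PRIV-KEY-LOCATION
    results = check(sys.argv[1], sys.argv[2], sys.argv[3])
    for name, ok in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
    sys.exit(0 if all(results.values()) else 1)
```

If the TLS handshake raises a verification error, the controller is still presenting the self-signed certificate or the FQDN does not match the certificate.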