Hortonworks Docs » Cloudbreak 2.8.0 » Advanced Cloudbreak Configuration
Advanced Cloudbreak Configuration
Also available as:
PDF

Use SSL certificate for Cloudbreak

By default Cloudbreak is configured with a self-signed certificate for access via HTTPS. This is sufficient for many deployments such as trials, development, testing, or staging. However, for production deployments, you should obtain and configure a trusted certificate.

Follow these steps to configure Cloudbreak to use your own trusted certificate.

Prerequisites

To use your own certificate, you must have:

  • A resolvable fully qualified domain name (FQDN) for the controller host IP address. For example, this can be configured in Amazon Route 53.
  • A valid SSL certificate for this fully qualified domain name. The certificate can be obtained from a number of certificate providers.

Steps

  1. SSH to the Cloudbreak host instance:
    ssh -i mykeypair.pem cloudbreak@[CONTROLLER-IP-ADDRESS]
  2. Make sure that the target fully qualified domain name (FQDN) which you plan to use for Cloudbreak is resolvable:
    nslookup [TARGET-CONTROLLER-FQDN]

    For example:

    nslookup hdcloud.example.com
  3. Browse to the Cloudbreak deployment directory and edit the Profile file:
    vi /var/lib/cloudbreak-deployment/Profile
  4. Replace the value of the PUBLIC_IP variable with the TARGET-CONTROLLER-FQDN value:
    PUBLIC_IP=[TARGET-CONTROLLER-FQDN]
  5. Copy your private key and certificate files for the FQDN onto the Cloudbreak host. These files must be placed under /var/lib/cloudbreak-deployment/certs/traefik/ directory.
    Note
    Note

    File permissions for the private key and certificate files can be set to 600.

    File Example
    PRIV-KEY-LOCATION /var/lib/cloudbreak-deployment/certs/traefik/hdcloud.example.com.key
    CERT-LOCATION /var/lib/cloudbreak-deployment/certs/traefik/hdcloud.example.com.crt
  6. Configure TLS details in your Profile by adding the following line at the end of the file.
    Note
    Note

    Notice that CERT-LOCATION and PRIV-KEY-LOCATION are file locations from Step 5, starting at the /certs/... path.

    export CBD_TRAEFIK_TLS=”[CERT-LOCATION],[PRIV-KEY-LOCATION]”

    For example:

    export CBD_TRAEFIK_TLS="/certs/traefik/hdcloud.example.com.crt,/certs/traefik/hdcloud.example.com.key"
  7. Restart Cloudbreak deployer:
    cbd restart
  8. Using your web browser, access the Cloudbreak UI using the new resolvable fully qualified domain name.
  9. Confirm that the connection is SSL-protected and that the certificate used is the certificate that you provided to Cloudbreak.
© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community