Use SSL certificate for Cloudbreak
By default Cloudbreak is configured with a self-signed certificate for access via HTTPS. This is sufficient for many deployments such as trials, development, testing, or staging. However, for production deployments, you should obtain and configure a trusted certificate.
Follow these steps to configure Cloudbreak to use your own trusted certificate.
To use your own certificate, you must have:
- A resolvable fully qualified domain name (FQDN) for the controller host IP address. For example, this can be configured in Amazon Route 53.
- A valid SSL certificate for this fully qualified domain name. The certificate can be obtained from a number of certificate providers.
- SSH to the Cloudbreak host:
  ssh -i mykeypair.pem cloudbreak@[CONTROLLER-IP-ADDRESS]
- Make sure that the target fully qualified domain name (FQDN) which you plan to use for Cloudbreak is resolvable:
- Browse to the Cloudbreak deployment directory and edit the
- Replace the value of the PUBLIC_IP variable with the
- Copy your private key and certificate files for the FQDN onto the Cloudbreak host.
These files must be placed under
File permissions for the private key and certificate files can be set to 600.
| File | Example |
|---|---|
| PRIV-KEY-LOCATION | /var/lib/cloudbreak-deployment/certs/traefik/hdcloud.example.com.key |
| CERT-LOCATION | /var/lib/cloudbreak-deployment/certs/traefik/hdcloud.example.com.crt |
- Configure TLS details in your Profile by adding the following line at the end of the file.
  Note:
  PRIV-KEY-LOCATION are file locations from Step 5, starting at the
- Restart Cloudbreak deployer:
- Using your web browser, access the Cloudbreak UI using the new resolvable fully qualified domain name.
- Confirm that the connection is SSL-protected and that the certificate used is the certificate that you provided to Cloudbreak.
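Before restarting, the files copied in Step 5 can be checked on the host. The script below is an added example, not part of the Cloudbreak documentation or tooling. Its function names are hypothetical, and it assumes the `openssl` command-line tool is installed and takes the key path, certificate path and FQDN as arguments.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key/certificate pair before the
# restart step. Function names are hypothetical, not part of Cloudbreak.
# Usage: sh check_tls_pair.sh PRIV-KEY-LOCATION CERT-LOCATION FQDN

# True only if the file mode is exactly 600, as the page recommends.
check_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# True only if the certificate was issued for this private key: the public
# key derived from the key file must equal the one inside the certificate.
check_pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# True only if the certificate covers the FQDN and stays valid for 24 hours.
check_cert_for_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match' || return 1
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any check failed.
check_tls_pair() {
    key=$1 crt=$2 fqdn=$3 rc=0
    for f in "$key" "$crt"; do
        check_mode "$f" || { echo "FAIL: $f is not mode 600"; rc=1; }
    done
    check_pair_matches "$key" "$crt" \
        || { echo "FAIL: certificate does not match the private key"; rc=1; }
    check_cert_for_host "$crt" "$fqdn" \
        || { echo "FAIL: certificate does not cover $fqdn or is expiring"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key and certificate are consistent for $fqdn"
    return "$rc"
}

# Only run when called with the three arguments; otherwise just define functions.
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```

A mismatch between key and certificate, or a certificate issued for a different name, is reported here rather than surfacing as a browser warning in the final confirmation step.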