Advanced Cloudbreak Configuration
Also available as:

Use SSL certificate for Cloudbreak

By default Cloudbreak is configured with a self-signed certificate for access via HTTPS. This is sufficient for many deployments such as trials, development, testing, or staging. However, for production deployments, you should obtain and configure a trusted certificate.

Follow these steps to configure Cloudbreak to use your own trusted certificate.


To use your own certificate, you must have:

  • A resolvable fully qualified domain name (FQDN) for the controller host IP address. For example, this can be configured in Amazon Route 53.
  • A valid SSL certificate for this fully qualified domain name. The certificate can be obtained from a number of certificate providers.


  1. SSH to the Cloudbreak host instance:
    ssh -i mykeypair.pem cloudbreak@[CONTROLLER-IP-ADDRESS]
  2. Make sure that the target fully qualified domain name (FQDN) which you plan to use for Cloudbreak is resolvable:

    For example:

  3. Browse to the Cloudbreak deployment directory and edit the Profile file:
    vi /var/lib/cloudbreak-deployment/Profile
  4. Replace the value of the PUBLIC_IP variable with the TARGET-CONTROLLER-FQDN value:
  5. Copy your private key and certificate files for the FQDN onto the Cloudbreak host. These files must be placed under /var/lib/cloudbreak-deployment/certs/traefik/ directory.

    File permissions for the private key and certificate files can be set to 600.

    File Example
    PRIV-KEY-LOCATION /var/lib/cloudbreak-deployment/certs/traefik/
    CERT-LOCATION /var/lib/cloudbreak-deployment/certs/traefik/
  6. Configure TLS details in your Profile by adding the following line at the end of the file.

    Notice that CERT-LOCATION and PRIV-KEY-LOCATION are file locations from Step 5, starting at the /certs/... path.


    For example:

    export CBD_TRAEFIK_TLS="/certs/traefik/,/certs/traefik/"
  7. Restart Cloudbreak deployer:
    cbd restart
  8. Using your web browser, access the Cloudbreak UI using the new resolvable fully qualified domain name.
  9. Confirm that the connection is SSL-protected and that the certificate used is the certificate that you provided to Cloudbreak.