Managing Clusters
Also available as:
PDF

Add SSL certificate for Ambari

By default Cloudbreak configures Ambari with a self-signed certificate for access via HTTPS. This is sufficient for many deployments such as trials, development, testing, or staging. However, for production deployments, you should obtain and configure a trusted certificate.

Determine which instructions to use

Depending on your configuration, use the following instructions for adding a trusted certificate for Ambari:

Scenario Instructions
The Knox-powered Gateway is enabled and Ambari is exposed through the Gateway (default behavior). Use Add SSL certificate for Knox Gateway
The Knox-powered Gateway is disabled or Ambari is not exposed through the Gateway. Use the instructions provided in this section

Add SSL certificate for Ambari

Use these steps if you would like to add an SSL certificate for Ambari when Knox-powered Gateway is disabled.

Note
Note

Only use these instructions only if you disabled the Knox-powered Gateway for Ambari. When Knox Gateway is enabled and Ambari is exposed through it (default behavior), use the instructions provided in Add SSL certificate for Knox Gateway.

Steps

  1. Obtain a trusted SSL certificate.
  2. Access the Ambari server host via ssh.
  3. Obtain root access by using sudo su.
  4. Copy the certificate to the /etc/certs-user-facing/ directory on the master host.
  5. Open the /etc/nginx/sites-enabled/ssl-user-facing.conf file for editing.
  6. At server which listens on 443, update the ssl_certificate path and the ssl_certificate_key path to point to the location if the new certificate and key:
    server {
        listen       443;
        ssl on;
        ssl_certificate      /etc/certs-user-facing/server.pem;
        ssl_certificate_key  /etc/certs-user-facing/server-key.pem;
    ...
  7. Restart nginx. Depending on the nginx distribution, use of the following commands:
    systemctl restart nginx

    or

    service nginx restart
  8. Using your web browser, access the Ambari web UI.
  9. Confirm that the connection is SSL-protected and that the certificate used is the certificate that you provided.