Add SSL certificate for Ambari
By default Cloudbreak configures Ambari with a self-signed certificate for access via HTTPS. This is sufficient for many deployments such as trials, development, testing, or staging. However, for production deployments, you should obtain and configure a trusted certificate.
Determine which instructions to use
Depending on your configuration, use the following instructions for adding a trusted certificate for Ambari:
Scenario | Instructions |
---|---|
The Knox-powered Gateway is enabled and Ambari is exposed through the Gateway (default behavior). | Use Add SSL certificate for Knox Gateway |
The Knox-powered Gateway is disabled or Ambari is not exposed through the Gateway. | Use the instructions provided in this section |
Add SSL certificate for Ambari
Use these steps if you would like to add an SSL certificate for Ambari when the Knox-powered Gateway is disabled.
Note | |
---|---|
Use these instructions only if you disabled the Knox-powered Gateway for Ambari. When Knox Gateway is enabled and Ambari is exposed through it (default behavior), use the instructions provided in Add SSL certificate for Knox Gateway. |
Steps
- Obtain a trusted SSL certificate.
- Access the Ambari server host via ssh.
- Obtain root access by using `sudo su`.
- Copy the certificate to the `/etc/certs-user-facing/` directory on the master host.
- Open the `/etc/nginx/sites-enabled/ssl-user-facing.conf` file for editing.
- At the server which listens on 443, update the `ssl_certificate` path and the `ssl_certificate_key` path to point to the location of the new certificate and key:

  ```
  server {
      listen 443;
      ssl on;
      ssl_certificate /etc/certs-user-facing/server.pem;
      ssl_certificate_key /etc/certs-user-facing/server-key.pem;
      ...
  ```

- Restart nginx. Depending on the nginx distribution, use one of the following commands:

  ```
  systemctl restart nginx
  ```

  or

  ```
  service nginx restart
  ```

- Using your web browser, access the Ambari web UI.
- Confirm that the connection is SSL-protected and that the certificate used is the certificate that you provided.
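
The following checks are an added example, not part of the Cloudbreak documentation. They can be run after editing `ssl-user-facing.conf` and before restarting nginx, to catch a mismatched key, an expired certificate, or a key file readable by other users. The function names are hypothetical; the script assumes a Linux host with `openssl` and `stat -c`, and reads the first `ssl_certificate` and `ssl_certificate_key` directives found in the file.

```shell
#!/bin/sh
# Added example: checks to run after editing ssl-user-facing.conf and before
# restarting nginx. Assumes a Linux host with GNU/busybox stat and openssl.

# Print the first value of an nginx directive found in a config file.
conf_value() {  # conf_value <directive> <conf-file>
    awk -v d="$1" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$2"
}

# Succeed only if group and others have no permissions on the key file.
key_is_private() {  # key_is_private <key-file>
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed only if the certificate and the private key hold the same public key.
cert_matches_key() {  # cert_matches_key <cert.pem> <key.pem>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if subject and issuer are identical (self-issued, like the default cert).
is_self_issued() {  # is_self_issued <cert.pem>
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Run all checks against the certificate and key named in the nginx config.
check_tls_conf() {  # check_tls_conf <nginx-conf>
    cert=$(conf_value ssl_certificate "$1")
    key=$(conf_value ssl_certificate_key "$1")
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cert or key not readable" >&2; return 1; }
    key_is_private "$key" || { echo "key open to group/others: $key" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired or unreadable: $cert" >&2; return 1; }
    cert_matches_key "$cert" "$key" ||
        { echo "certificate and key do not match" >&2; return 1; }
    if is_self_issued "$cert"; then echo "warning: certificate is self-issued" >&2; fi
    return 0
}

# Usage (as root on the Ambari host):
#   check_tls_conf /etc/nginx/sites-enabled/ssl-user-facing.conf && nginx -t
```

Running `nginx -t` afterwards validates the configuration syntax, so a typo in the edited file is caught before the restart takes the HTTPS listener down.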