OpenSSL setup
Setting up SSL is completely automated in Puppet. However, you can manually set up a trusted certificate so that users can privately browse the metadata server without the web browser warning them that they are connecting to a site that uses a self-signed certificate. To do this you must obtain an SSL certificate signed by a certification authority (CA). The following procedure outlines how to do this.
Prerequisites
- The commands used to generate the key and certificate request in the following procedure must be run from a Linux RH6 server.
- You must have Puppet installed on all servers that are running an NGINX instance, that is, each SDP server (if there is more than one), and each MDS.
Procedure
- Generate a private key and a certificate signing request (CSR) using the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
- You will be prompted for some information, for which you can find guidelines here: https://www.digicert.com/csr-creation-nginx.htm
- Get the server.csr file signed by a CA, such as Verisign or Digicert. For example, go to https://www.digicert.com/csr-creation-nginx.htm.
- The signed certificate must then be inserted into Puppet, as follows:
  - In Puppet, go to Smart class parameters.
  - Search for 'ssl'.
  - Select ssl_certificate.
  - In the Default value box, paste the signed certificate, that is, the contents of the .pem file that you received from your chosen CA.
  - In the Smart variables search results, select ssl_certificate_key.
  - In the Default value box, paste the private key, that is, the contents of the server.key file that you generated in the first step.
- On each server that is running an NGINX instance, run the Puppet agent using the following command:
    puppet agent -t
  Puppet then writes the certificate to /opt/nginx/conf/server.crt and the private key to /opt/nginx/conf/server.key.
- On each server that is running an NGINX instance, reload NGINX so that it picks up the new certificate and key:
    service nginx reload
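The procedure above can be scripted and, more importantly, checked before NGINX is reloaded: a certificate that does not match the key pasted into ssl_certificate_key (or one that has already expired) makes the reload fail on every SDP and MDS at once. The following shell functions are an added example, not part of the original procedure; they assume the openssl CLI is installed and the subject fields and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate the key and CSR non-interactively and verify that a
# certificate/key pair belong together before handing them to Puppet.
# Assumes the openssl CLI; the subject fields below are constructed placeholders.

# gen_csr KEYFILE CSRFILE CN
# Same command as the procedure, but with -subj so no prompts are needed.
# Exits non-zero if the resulting CSR does not verify against its own key.
gen_csr() {
    key="$1"; csr="$2"; cn="$3"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$key" -out "$csr" \
        -subj "/C=US/ST=Example/L=Example/O=Example Org/CN=$cn" 2>/dev/null \
    && openssl req -in "$csr" -noout -verify >/dev/null 2>&1
}

# csr_matches KEYFILE CSRFILE
# 0 when the CSR was built from KEYFILE (its public key is derived from it).
csr_matches() {
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# pair_matches CERTFILE KEYFILE
# 0 when the CA-signed certificate's public key matches KEYFILE, 1 otherwise.
# Comparing the PEM public keys works for RSA and ECDSA alike.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for DAYS CERTFILE
# 0 when the certificate is still valid DAYS from now, 1 if it expires sooner.
cert_valid_for() {
    openssl x509 -in "$2" -noout -checkend $(($1 * 86400)) >/dev/null 2>&1
}

# Pre-reload check for the files Puppet deploys (paths from the procedure).
check_deployed() {
    pair_matches /opt/nginx/conf/server.crt /opt/nginx/conf/server.key \
    && cert_valid_for 30 /opt/nginx/conf/server.crt
}
```

Run check_deployed on each NGINX host after `puppet agent -t` and only reload NGINX when it returns 0.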