SSL Certificates

Buying a Certificate

Policy

Always buy a wildcard certificate for a client. This will guarantee that we can use it with any subdomain, and that the client will not need extra IP addresses.

Namecheap

These are the steps involved in generating an SSL certificate to be validated by an SSL provider:

Create a private key to be used only by that server:

openssl genrsa -out /etc/ssl/private/private.key 2048

Create a new CSR (Certificate Signing Request) file using the RSA private key.

When creating the CSR, you will need to populate the local information. For Common Name, use the domain name to be validated. For a wildcard domain, use *.domain.com. For a single hostname, use www.domain.com.

openssl req -new -key /etc/ssl/private/private.key -out /etc/ssl/certs/digitaltrike.com.csr

Namecheap will ask for the newly generated CSR file.

Once you give them the file, they will ask for an email address to use for verifying the SSL certificate request. They will pull a list of possible e-mail addresses to use. The recipient will receive a link to validate the creation of the SSL certificate. The process cannot be completed until the recipient has validated, so make sure to send it to someone who will receive the email.

Once the order is validated, you will get an email from Namecheap with two files: the certificate, and the CA bundle.

Save the certificate to /etc/ssl/certs/domain.com.crt

Save the Certificate Authority bundle to /etc/ssl/certs/domain.com.cabundle
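
Before installing the files, it is worth confirming that the certificate Namecheap returned carries the same public key as the private key and CSR from the steps above, and that it chains to the CA bundle. The script below is an added example, not part of the original page; the function names, the throwaway demo CA and *.example.test are constructed for illustration, and it assumes an unencrypted key.

```shell
#!/bin/sh
# Added example. Assumes an unencrypted RSA key, as produced by the genrsa step.

# Print a SHA-256 digest of the public key inside a key, CSR or certificate.
pub_digest() {  # args: key|csr|crt file
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    esac
    [ -n "$pub" ] || return 1          # unreadable input must never "match"
    printf '%s\n' "$pub" | openssl dgst -sha256
}

# Return 0 if the set is consistent, 1 unreadable file, 2 key mismatch, 3 bad chain.
check_cert_set() {  # args: key csr crt cabundle
    k=$(pub_digest key "$1") || return 1
    r=$(pub_digest csr "$2") || return 1
    c=$(pub_digest crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 2
    openssl verify -CAfile "$4" "$3" >/dev/null 2>&1 || return 3
}

# Build constructed test material: a throwaway CA, a key, a CSR and a signed cert.
make_demo() {  # args: directory
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$1/ca.key" -out "$1/demo.cabundle" 2>/dev/null
    openssl genrsa -out "$1/private.key" 2048 2>/dev/null
    openssl req -new -key "$1/private.key" -subj "/CN=*.example.test" \
        -out "$1/demo.csr"
    openssl x509 -req -in "$1/demo.csr" -CA "$1/demo.cabundle" \
        -CAkey "$1/ca.key" -CAcreateserial -days 1 -out "$1/demo.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null   # unrelated key
}

demo=$(mktemp -d)
make_demo "$demo"
check_cert_set "$demo/private.key" "$demo/demo.csr" "$demo/demo.crt" \
    "$demo/demo.cabundle" && echo "key, CSR, certificate and bundle agree"
check_cert_set "$demo/other.key" "$demo/demo.csr" "$demo/demo.crt" \
    "$demo/demo.cabundle" || echo "rejected with code $?"
```

For a real order, call check_cert_set with the paths used in the steps above instead of the demo files.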

Digital Trike

Our SSL cert is a wildcard certificate. The Common Name is *.digitaltrike.com. The private key is protected with a password.

The master keys and CA files are stored on tahiti in /etc/ssl/digitaltrike.com

Maintenance

Digital Trike can offer clients the option to purchase, install and monitor SSL certificates.

Comodo SSL Certificates (Namecheap)

EV SGC SSL

$155/year/domain, no wildcard (www.domain.com)

  • Business validation
  • “green bar” in browser
  • 128- or 256-bit encryption
  • Unlimited reissues
  • Unlimited server licenses

True BusinessID Wildcard

$389/year, wildcard (*.domain.com)

  • Full business validation
  • Unlimited reissues
  • Up to 256-bit encryption