Environment
Objective
To enable an on-prem EDR cluster to use a password-protected (encrypted) cert and key file for the custom web UI.
Resolution
- Follow all directions to Customize the Web UI Port and Implement Custom Web UI Certificates.
- Modify /etc/cb/nginx/conf.d/cb.conf (or possibly the /etc/cb/nginx/conf.d/cb.multihome.conf file if the cluster uses that configuration)
- Add a new ssl_passoword_file line above the existing certificate lines:
Change:
ssl_certificate /etc/cb/certs/[filename].crt;
ssl_certificate_key /etc/cb/certs/[filename].key;
to:
ssl_password_file /etc/cb/certs/ssl_passwords.txt;
ssl_certificate /etc/cb/certs/[filename].crt;
ssl_certificate_key /etc/cb/certs/[filename].key;
- Create a new text file located at /etc/cb/certs/ssl_passwords.txt
- Enter the certificate password into the first line of the ssl_passwords.txt file.
- Restart the EDR cluster.
Additional Notes
Ideally, the ssl_passwords.txt file should be created by user root. 644 permissions is fine.
Related Content