Skip to content

Get Certificates

Before you start

Goal

  • Get the certificates required for the Altair SLC Hub.

To make using an alternate CA easier, Altair SLC Hub can create Certificate Signing requests. These can be signed or used to create independent certificates. Note the SAN fields must be correct.

The Hub server host and each worker node must all have multiple certificates.

Generate the Certificate Signing Requests

Use the hubctl command on each server and worker to generate Certificate Signing Requests:

hubctl generate csr

This will generate Certificate Signing Requests and their associated private keys at the locations:

[var directory]/ca/public/slchub
[var directory]/ca/public/nomad

Certificate Signing Requests have the suffix .csr.pem. Private keys have the suffix .key.pem.

Create the certificates by signing each of the Certificate Signing Requests using the Certificate Authority. This is done outside Altair SLC Hub using a preferred certificate service or using a tool such as openssl. The certificates should be created in PEM format.

Verification

Certificates created

  • Ensure you have PEM-encoded certificate and key files for the server host and each worker node.