Get Certificates
Before you start¶
Goal
- Get the certificates required for the Altair SLC Hub.
Prerequisites
To make using an alternate CA easier, Altair SLC Hub can create Certificate Signing requests. These can be signed or used to create independent certificates. Note the SAN fields must be correct.
The Hub server host and each worker node must all have multiple certificates.
Generate the Certificate Signing Requests¶
Use the hubctl
command on each server and worker to generate Certificate Signing Requests:
hubctl generate csr
This will generate Certificate Signing Requests and their associated private keys at the locations:
[var directory]/ca/public/slchub
[var directory]/ca/public/nomad
Certificate Signing Requests have the suffix .csr.pem
. Private keys have the suffix .key.pem
.
Create the certificates by signing each of the Certificate Signing Requests using the Certificate Authority. This is done outside Altair SLC Hub using a preferred certificate service or using a tool such as openssl
. The certificates should be created in PEM format.
Verification¶
Certificates created
- Ensure you have PEM-encoded certificate and key files for the server host and each worker node.