Skip to content

Install Certificates

Before you start

Goal

  • Install the certificates required for the Altair SLC Hub.

The server host and each worker node must all have multiple certificates. These must be copied onto the machines and their ownership and permissions should be set.

Create the certificates

The hub nodes rely on the following PEM files.

File Purpose
[var directory]/ca/public/CA.cert.pem The root CA for the certificates. This should contain the entire signing chain, and will be the same on the server host and worker nodes
[var directory]/ca/public/slchub/Server.cert.pem The server certificate for Altair SLC (hostname.example.com). This is unique to each server
[var directory]/ca/public/slchub/Server.key.pem The private key for the server certificate
[var directory]/ca/public/nomad/ServerClient.cert.pem The server and client certificate for mtls (hostname.example.com). This is unique to each server
[var directory]/ca/public/nomad/ServerClient.key.pem The private key for the mtls certificate

These files should contain the certificate first, then the signing chain.

The file permissions should be limited and the files should be owned by the group slchub

File Control Node Permissions Compute Node permissions
[var directory]/ca/public/CA.cert.pem -rw-r--r-- slchub-casvc slchub -rw-r--r-- 1 slchub-casvc slchub
[var directory]/ca/public/slchub/Server.cert.pem -rw-r--r-- slchub-casvc slchub -rw-r--r-- 1 slchub-casvc slchub
[var directory]/ca/public/slchub/Server.key.pem -rw-r----- slchub-casvc slchub -rw-r----- 1 slchub-casvc slchub
[var directory]/ca/public/nomad/ServerClient.cert.pem -rw-r----- slchub-casvc slchub -rw-r----- 1 slchub-casvc slchub
[var directory]/ca/public/nomad/ServerClient.key.pem -rw-r----- slchub-casvc slchub -rw-r----- 1 slchub-casvc slchub

Create and Install the Certificates

Install the certificates in the Altair SLC Hub alongside their corresponding Certificate Signing Requests and private keys. For example the certificate created from:

[var directory]/ca/public/slchub/Server.csr.pem
should be copied to:
[var directory]/ca/public/slchub/Server.cert.pem
Copy the private Certificate Authority file to:
[var directory]/ca/public/CA.cert.pem

Verification

Check Certificates and permissions

  • Ensure certificates and keys exists.
  • Ensure the permissions are correct.