Install Certificates
Before you start¶
Goal
- Install the certificates required for the Altair SLC Hub.
The server host and each worker node must all have multiple certificates. These must be copied onto the machines and their ownership and permissions should be set.
Create the certificates¶
The hub nodes rely on the following PEM files.
File | Purpose |
---|---|
[var directory]/ca/public/CA.cert.pem | The root CA for the certificates. This should contain the entire signing chain, and will be the same on the server host and worker nodes |
[var directory]/ca/public/slchub/Server.cert.pem | The server certificate for Altair SLC (hostname.example.com). This is unique to each server |
[var directory]/ca/public/slchub/Server.key.pem | The private key for the server certificate |
[var directory]/ca/public/nomad/ServerClient.cert.pem | The server and client certificate for mtls (hostname.example.com). This is unique to each server |
[var directory]/ca/public/nomad/ServerClient.key.pem | The private key for the mtls certificate |
These files should contain the certificate first, then the signing chain.
The file permissions should be limited and the files should be owned by the group slchub
File | Control Node Permissions | Compute Node permissions |
---|---|---|
[var directory]/ca/public/CA.cert.pem | -rw-r--r-- slchub-casvc slchub | -rw-r--r-- 1 slchub-casvc slchub |
[var directory]/ca/public/slchub/Server.cert.pem | -rw-r--r-- slchub-casvc slchub | -rw-r--r-- 1 slchub-casvc slchub |
[var directory]/ca/public/slchub/Server.key.pem | -rw-r----- slchub-casvc slchub | -rw-r----- 1 slchub-casvc slchub |
[var directory]/ca/public/nomad/ServerClient.cert.pem | -rw-r----- slchub-casvc slchub | -rw-r----- 1 slchub-casvc slchub |
[var directory]/ca/public/nomad/ServerClient.key.pem | -rw-r----- slchub-casvc slchub | -rw-r----- 1 slchub-casvc slchub |
Create and Install the Certificates¶
Install the certificates in the Altair SLC Hub alongside their corresponding Certificate Signing Requests and private keys. For example the certificate created from:
[var directory]/ca/public/slchub/Server.csr.pem
[var directory]/ca/public/slchub/Server.cert.pem
[var directory]/ca/public/CA.cert.pem
Verification¶
Check Certificates and permissions
- Ensure certificates and keys exists.
- Ensure the permissions are correct.