Home Explore Help
Register Sign In
Apq
/
tigertoolbox
mirror of https://github.com/microsoft/tigertoolbox.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: v4.0.0
Branches Tags
tigertoolbox
/
Troubleshooting-Notebooks
/
Big-Data-Clusters
/
CU3
/
Public
/
content
/
cert-management
barbaravaldez b5c29867d6 Add tsg books 5 years ago
..
cer001-create-root-ca.ipynb b5c29867d6 Add tsg books 5 years ago
cer002-download-existing-root-ca.ipynb b5c29867d6 Add tsg books 5 years ago
cer003-upload-existing-root-ca.ipynb b5c29867d6 Add tsg books 5 years ago
cer010-install-generated-root-ca-locally.ipynb b5c29867d6 Add tsg books 5 years ago
cer020-create-management-service-proxy-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer021-create-knox-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer022-create-app-proxy-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer023-create-controller-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer030-sign-service-proxy-generated-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer031-sign-knox-generated-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer032-sign-app-proxy-generated-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer033-sign-controller-generated-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer040-install-service-proxy-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer041-install-knox-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer042-install-app-proxy-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer043-install-controller-cert.ipynb b5c29867d6 Add tsg books 5 years ago
cer050-wait-cluster-healthly.ipynb b5c29867d6 Add tsg books 5 years ago
cer100-create-root-ca-install-certs.ipynb b5c29867d6 Add tsg books 5 years ago
cer101-use-root-ca-install-certs.ipynb b5c29867d6 Add tsg books 5 years ago
readme.md b5c29867d6 Add tsg books 5 years ago

readme.md

A set of notebooks used for Certificate Management

The notebooks in this chapter can be used to create a self-signed root certificate authority (or allow for one to be uploaded), and then use that root CA to create and sign certificates for each external endpoint in a Big Data Cluster.

After running the notebook in this chapter, and installing the Root CA certificate locally, all connections to the Big Data Cluster can be made securely (i.e. the internet browser will indicate "This Connection is Secure"). The following notebook can be used to install the Root CA certificate locally on this machine.

  • [CER010]()

Run the notebooks in a sequence

These two notebooks run the required notebooks in this chapter in a sequence in a single 'run all cells' button press.

  • [CER100]()
  • [CER101]()

The first notebook (CER100) will first generate a Root CA certificate. The 2nd notebook (CER101) will use an already existing Root CA downloaded and upload using:

  • [CER002]()
  • [CER003]()

Details

  • By default, the Big Data Cluster cluster generates its own Root CA certificate and all the certificates used inside the cluster are signed with this Root CA certificate. External clients connecting to cluster endpoints will not have this internal Root CA installed and this leads to the certificate verification related warnings on clients (internet browsers etc.) and the need to use the --insecure option with tools like CURL.

  • It is better if the certificates for the external endpoints in the Big Data Cluster can be provided and installed in the containers hosting the endpoint services, most preferably using your own trusted CA to sign these certificates and then install the CA chain inside the cluster. The notebooks in this chapter aid in this process by creating a self-signed Root CA certificate and then creating certificates for each external endpoint signed by the self-signed Root CA certificate.

  • The openssl certificate tracking database is created in the controller in the /var/opt/secrets/test-certificates folder. Here a record is maintained of each certificate that has been issued for tracking purposes.

Home

Notebooks in this Chapter