Enabling SSL for the RESTful APIs using an external certificate
Configure SSL for the web servers in your production environment, using a properly chained certificate from a trusted certificate authority (CA).
Before you begin
- You must be a cluster administrator.
- You must ensure that the clock settings on the server and client are identical. Otherwise, errors may occur.
About this task
- Enable SSL for the first time (in other words, if you disabled SSL during installation by setting DISABLESSL=Y).
- Use a properly chained certificate from a trusted CA that replaces the default self-signed certificate when SSL is enabled during installation.
- The ascd web server, which hosts the RESTful APIs for instance group management.
- The REST web server, which hosts the RESTful APIs for resource management and package deployment.
When SSL is enabled for the REST web services (ascd and REST), a trust relationship between the server and the client is established by sending a server certificate to the client. The client validates the certificates that are signed by a trusted CA. For your production environment, ensure that you use a properly chained certificate that is issued or signed by a trusted CA. By default ascd and REST uses the TLSv1.2 protocol.
Procedure
Results
You can now securely access the RESTful APIs over SSL in your production environment.
What to do next
If the cluster contains instance groups with notebooks or instance groups that are configured to use GPU executors and have the SPARK_EGO_AUTOSCALE_SLOTS_PER_TASK parameter set, you or the consumer administrator must modify these instance groups so that ascd can apply the appropriate service profile changes. To modify, stop the instance group, and click .