Does Stellar Cyber UI support customer SSL certificates?

Yes, you can upload your own certificate to match your domain name. The SSL certificate and key must be in PEM format. The following instructions is a known method using OpenSSL.

1. To generate the necessary files, you will need access to a host that is not in your Stellar Cyber cluster and OpenSSL (https://wiki.openssl.org/index.php/Binaries) installed on it. Apply the method that matches your host:

   • On a Linux host, SSH to the host and then run the following to generate the Certificate Signing Request (CSR) and private key:

     openssl req -new -newkey rsa:2048 -nodes -keyout <yourdomain>.key -out <yourdomain>.csr

   • On a Windows host, open a command prompt window (cmd.exe) and then run:

     cd \OpenSSL-Win32
openssl genrsa -out private-key.key 2048
openssl req -new -key private-key.key -out csr.txt

2. Take the entire text contents of the CSR file and place it in the appropriate field of your service provider's SSL certificate enrollment form. The resulting certificate should be downloaded in PEM format.

3. Upload the certificate and key files to the Stellar Cyber UI.

If the Stellar Cyber UI becomes inaccessible after uploading the certificate

When the uploaded certificate is not in PEM format, the Stellar Cyber UI becomes inaccessible. To remove the certificate, make an SSH connection to the data lake master host and then enter the following at the CLI prompt.

For Stellar Cyber releases older than 4.3.1

reset_cert

For the 4.3.1 Stellar Cyber release or later

unset server_cert

The Stelar Cyber UI becomes available after a few minutes. Refresh your browser if necessary.