Private Supermarket Trusted SSL Cert Installation


#1

Morning. I was looking through the mailing list and can’t find a topic about this. I have configured a CA for Chef-Server but it doesn’t seem to be the same approach for Supermarket. Here is what I have done.

vi /etc/supermarket/supermarket.rb

Changed these lines:
default['supermarket']['nginx']['force_ssl'] = true
default['supermarket']['ssl']['certificate'] = '/var/opt/supermarket/ssl/ca/chefsupermarket.***.crt'
default['supermarket']['ssl']['certificate_key'] = '/var/opt/supermarket/ssl/ca/chefsupermarket.***.key'

Added the certs to that location and ran:
supermarket-ctl reconfigure
supermarket-ctl restart nginx

I launch the website and get connection refused. I see that supermarket.rb states:

If a key and certificate are not provided, a self-signed certificate will be
generated. To use your own, provide the paths to them and ensure SSL is
enabled in Nginx:

How do I enable Nginx? I think that is the only thing I am missing.


#2

I found the problem in case anybody has this problem.

In the /etc/supermarket/supermarket.rb change:

default['supermarket']['fqdn'] = 'name you gave ssl cert'

Then don’t forget the URL redirect on the Chef Server.


#3

Yes, indeedy. All must match for everyone to get along:

  • a Supermarket’s configured FQDN (the domain with which it presents itself to users and clients)
  • the domain portion of the redirect_uri for Supermarket’s application entry in Chef Server’s oc-id service
  • the common name of the SSL cert presented by Supermarket
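
Added example, not part of the original thread and not Chef's own code: a Ruby check that the three names listed above agree before running a reconfigure. It goes slightly beyond the common name by using the same hostname match a TLS client performs (subjectAltName DNS entries first, common name as fallback). The function names, the `supermarket.example.com` hostname and the sample redirect URI are assumptions constructed for illustration.

```ruby
require 'openssl'
require 'uri'

# Returns a list of mismatches between the three names the thread says must
# agree; an empty list means Supermarket, oc-id and the certificate line up.
def supermarket_name_mismatches(fqdn:, redirect_uri:, cert:)
  problems = []
  host = URI.parse(redirect_uri).host.to_s.downcase
  unless host == fqdn.downcase
    problems << "oc-id redirect_uri host #{host.inspect} != Supermarket fqdn #{fqdn.inspect}"
  end
  # Same hostname check a TLS client performs: subjectAltName DNS entries
  # first, the subject common name only when the cert has no DNS SAN.
  unless OpenSSL::SSL.verify_certificate_identity(cert, fqdn)
    problems << "certificate subject #{cert.subject} is not valid for #{fqdn.inspect}"
  end
  problems
end

# Constructed sample input: a throwaway self-signed cert built in memory.
def sample_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  # Constructed values; in practice load the file named by the ssl certificate
  # setting with OpenSSL::X509::Certificate.new(File.read(path)).
  cert = sample_cert('supermarket.example.com')
  puts supermarket_name_mismatches(
    fqdn: 'supermarket.example.com',
    redirect_uri: 'https://supermarket.example.com/auth/chef_oauth2/callback',
    cert: cert
  ).inspect
end
```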