SSL Certificates

By default, all CMP (Converged Monetisation Platform) components communicate over HTTPS, although the inventory can be configured to use HTTP if required. Before commencing the deployment, the required SSL certificate or certificates should be obtained from the Certification Authority.

The certificates must meet the following criteria:

  • The certificate common name must match the target host name; the name that the other components and the users will use to access it.
  • The certificate expiration date must be in the future.
  • The certificate must be signed by a recognised or trusted Certification Authority.

If the last criterion is not met, the playbooks will still be able to establish trust by adding the certificate in question to their trusted certificate list. However, if the first two criteria are not met, CMP will not function properly.

If only the last criterion is not met, end users will be notified by their browsers that the certificate is not trusted, but they will be able to use the applications.

In most deployment scenarios, the components of the CMP stack will be deployed to a number of hosts. To meet the first criterion in this case, a certificate must be obtained for each host. Alternatively, you can obtain a wildcard certificate.

The wildcard certificate's common name includes a wildcard and is usually produced to secure the whole domain of hosts.

For example, the certificate with the common name demo.test.com can only be used for the demo.test.com host. However, a wildcard certificate with the common name *.test.com can be used for any host in the test.com domain, for example test.com, demo.test.com or demo1.test.com.

Users have the option not to provide SSL certificates issued by the Certification Authority. In this case, self-signed certificates will be generated by the deployment.

The use of self-signed certificates is not recommended for production environments.

If you want to use a real or previously generated self-signed certificate, you must provide information about the certificates via the Inventory Configuration Tool.

The property value should be a valid absolute path on the control server, where the private key and certificate (in PEM format) are stored.

Note that this is the path on the control server, that is, the server where the deployment is running from.
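A pre-flight check for the three criteria above, run on the control server against the PEM files before their path is entered in the Inventory Configuration Tool. This is an added example, not part of the CMP playbooks: it assumes the openssl command-line tool is installed and that the certificate and key are passed as file arguments, and the function name check_cert, the CA_FILE variable and the optional expiry margin are illustrative. Name matching is delegated to OpenSSL's own host check.

```shell
#!/bin/sh
# Added example: pre-flight check of a PEM certificate and private key.
# Usage: check_cert CERT_PEM KEY_PEM HOST [MARGIN_SECONDS]
# CA_FILE (hypothetical variable name) may point at a private CA bundle.
# Returns 0 when the mandatory checks pass, 1 otherwise.
check_cert() {
    cert=$1; key=$2; host=$3; margin=${4:-0}; rc=0

    # Criterion 1: the certificate name must match the target host name.
    # openssl prints its verdict, so the output is inspected.
    if openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "OK    name matches $host"
    else
        echo "FAIL  name does not match $host"; rc=1
    fi

    # Criterion 2: the expiration date must be in the future
    # (MARGIN_SECONDS > 0 also rejects certificates about to expire).
    if openssl x509 -in "$cert" -noout -checkend "$margin" >/dev/null 2>&1; then
        echo "OK    not expired"
    else
        echo "FAIL  expired or expiring within ${margin}s"; rc=1
    fi

    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK    private key matches certificate"
    else
        echo "FAIL  private key does not match certificate"; rc=1
    fi

    # Criterion 3: signed by a trusted CA. Advisory only, because an
    # untrusted certificate still works but triggers browser warnings.
    if openssl verify ${CA_FILE:+-CAfile "$CA_FILE"} "$cert" >/dev/null 2>&1; then
        echo "OK    chain verifies against the CA store"
    else
        echo "WARN  not trusted by the CA store (self-signed or private CA?)"
    fi
    return "$rc"
}

# Run directly: sh check_cert.sh /abs/path/cert.pem /abs/path/key.pem demo.test.com
if [ "$#" -ge 3 ]; then check_cert "$@"; fi
```

A non-zero exit status means one of the mandatory checks failed; a WARN line alone does not change the status.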

When a single (wildcard) certificate is used for all servers, the ssl_certificate property can be set at the global level. However, if different host-specific certificates will be used, they should be defined at the corresponding group level.

When the ssl_certificate property is not defined, the Ansible playbook will generate a self-signed certificate for each of the concerned services.
