Greenplum recommends that you configure Greenplum Chorus with an SSL certificate. There are several ways to do this, including setting up a web server in front of Chorus, or installing the certificate on the load balancer.

To generate an SSL certificate with OpenSSL

Note: If you are using a self-signed certificate, your browser will prompt you with an untrusted SSL certificate warning.

1. Generate an RSA private key

    openssl genrsa -des3 -out server.key 1024

Use anything for your password that you will remember later.

2. Generate a Certificate Signing Request (CSR)

    openssl req -new -key server.key -out server.csr

Respond to the questions as shown in the examples:

    What is your first and last name?
    [Unknown]: chorus-ga.greenplum.com

Note: Enter the URL for Greenplum Chorus.

    What is the name of your organizational unit?
    [Unknown]: Data and Insights
    What is the name of your organization?
    [Unknown]: Greenplum
    What is the name of your City or Locality?
    [Unknown]: San Mateo
    What is the name of your State or Province?
    [Unknown]: California
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=chorus-ga.greenplum.com, OU=Data and Insights, O=Greenplum, L=San Mateo, ST=California, C=US correct?
    [no]: yes
    Enter key password for <chorus>
    (RETURN if same as keystore password.)

3. Remove Passphrase from Key

    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key

Without this step you will need to type the password you created in Step 1 each time you start Chorus.

4. Generate a self-signed certificate from the CSR

Note: If you want an official SSL certificate (Greenplum recommended), submit this CSR to a signing authority such as Thawte or Verisign and continue to Step 5 when you have the certificate (.crt) file.

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. Install the Private Key and Certificate into Chorus

Configure chorus.properties to point to the locations of your private key and certificate files:

    ssl.enabled= true
    ssl_server_port= 8443
    ssl_certificate= /usr/local/greenplum-chorus/current/config/test.crt
    ssl_certificate_key= /usr/local/greenplum-chorus/current/config/test.key

Restart Chorus to apply the configuration.

Note: To run Chorus on port 443 (the default SSL port, e.g. https://:443), Greenplum recommends that you set up a web server proxy to Chorus.
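A pre-flight check for Steps 3 and 5, added here as an example and not part of Chorus or its documentation: it reads a chorus.properties file in the format shown above and reports whether SSL is enabled, whether both files exist, whether the key still carries a passphrase, and whether the now-unencrypted key is accessible to other users. The function names, the finding messages and the owner-only permission rule are assumptions of this example.

```python
import os
import stat
import sys

def parse_properties(text):
    """Parse key=value lines; values may have leading spaces as in the excerpt."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def key_is_encrypted(pem_text):
    """True for both PEM layouts OpenSSL uses for a passphrase-protected key."""
    for line in pem_text.splitlines():
        line = line.strip()
        if line == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
            return True  # PKCS#8 encrypted key
        if line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            return True  # traditional format, e.g. from genrsa -des3
    return False

def check_chorus_ssl(properties_path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    with open(properties_path) as fh:
        props = parse_properties(fh.read())
    if props.get("ssl.enabled", "").lower() != "true":
        findings.append("ssl.enabled is not true")
    for name in ("ssl_certificate", "ssl_certificate_key"):
        path = props.get(name)
        if not path or not os.path.isfile(path):
            findings.append(f"{name} does not point to an existing file")
    key_path = props.get("ssl_certificate_key")
    if key_path and os.path.isfile(key_path):
        with open(key_path) as fh:
            if key_is_encrypted(fh.read()):
                findings.append("private key is still passphrase-protected (Step 3 not applied)")
        # After Step 3 the key is stored in the clear, so only its owner should have access.
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & 0o077:
            findings.append(f"private key mode {mode:o} lets group/others access it")
    return findings

if __name__ == "__main__":
    for finding in check_chorus_ssl(sys.argv[1]):
        print("WARN:", finding)
```

Run it with the path to chorus.properties before restarting Chorus; no output means all checks passed.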