SSL Certificate Bundle

For instructions on how to generate SSL certificates, see Generating and Applying SSL Certificates.

To enable SSL for your Swift cluster, all the SSL certificates must be bundled together in a single PEM file. The certificate for your cluster should come first, followed by any intermediate certificates, followed by the root CA certificate if necessary. (If you're using a commerical certificate rather than one issued by your organization, you don't need to include the root CA.) If the certificates aren't bundled correctly, you'll see a "The certificate and private key do not match" error message.

$ cat swift_cluster.crt intermediate_2.crt intermediate_1.crt > swift_cert_chain.pem
../../_images/ssl-bundle-cas.png

Format of the Certificate Bundle

-----BEGIN CERTIFICATE-----
<SSL cert>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<more intermediate certs>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate cert 2>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate cert 1>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<root CA cert>
-----END CERTIFICATE-----