IN THIS ARTICLE
Qumulo clusters come with a self-signed SSL Certificate installed. The self-signed certificate will enable traffic to be encrypted for your browser sessions but will trigger an untrusted or self-signed certificate error in a modern web browser. Note that submitting the CSR file to your CA is not covered in this article.
- You will find a step through for generating a CSR (certificate signing request) to submit to your CA (certificate authority) including:
- Creating a private and public encryption key pair
- Creating a CSR file based on the new insecure key
- Copying the need CSR file off the cluster to submit to your CA
- Example commands in this article are for Linux or OS X
- Admin privileges to your Qumulo cluster
- A computer with SSH installed
- A computer with SCP installed
- SSH to the first node in your Qumulo cluster as the Qumulo Admin account replacing the bold text with your clusters fully qualified domain name or IP address
- When prompted enter your admin password for your cluster
- Run the below OpenSSL command to generate the private key
openssl genrsa -des3 -out Cluster-Name.key 2048
- When the above command is run successfully, you will be prompted to enter a Passphrase. The best practice is to use a complex passphrase of at least 13 characters. Do not lose the passphrase
Generating RSA private key, 2048 bit long modulus
- When prompted, re-enter the passphrase to verify
- Use the command below to create the insecure key replacing the bold text with your cluster's name
openssl rsa -in Cluster-Name.key -out Cluster-Name.key.insecure
- To generate the CSR file from the Cluster-Name.key file run the below command and enter your passphrase when prompted
openssl req -new -key Cluster-Name.key -out Cluster-Name.csr
- To copy the CSR file off the node you will need a computer with SCP installed. Run the below command to SCP the CSR file to the desktop of the computer you are on. Replace the bold text with the correct variables for your cluster and computer. Enter your Qumulo admin password when prompted.
my_laptop.local $> scp admin@Cluster-1.AcmeRockets.org:~/Cluster-Name.csr ~/Desktop/
You should now be able to successfully create a CSR file to submit to your Certificate Authority.
Like what you see? Share this article with your network!