IN THIS ARTICLE
Qumulo clusters come with a self-signed SSL Certificate installed. The self-signed certificate will enable traffic to be encrypted for your browser sessions but will trigger an untrusted or self-signed certificate error in a modern web browser. Note that submitting the CSR file to your CA is not covered in this article.
- You will find a step through for generating a CSR (certificate signing request) to submit to your CA (certificate authority) including:
- Creating a private and public encryption key pair
- Creating a CSR file based on the new insecure key
- Copying the need CSR file off the cluster to submit to your CA
- Example commands in this article are for Linux or OS X
- Admin privileges to your Qumulo cluster
- A computer with SSH installed
- A computer with SCP installed
- SSH to the first node in your Qumulo cluster as the Qumulo Admin account replacing the bold text with your clusters fully qualified domain name or IP address
- When prompted enter your admin password for your cluster
- Run the below OpenSSL command to generate the private key
openssl genrsa -des3 -out Cluster-Name.key 2048
- When the above command is run successfully, you will be prompted to enter a Passphrase. The best practice is to use a complex passphrase of at least 13 characters. Do not lose the passphrase
Generating RSA private key, 2048 bit long modulus
- When prompted, re-enter the passphrase to verify
- Use the command below to create the insecure key replacing the bold text with your cluster's name
openssl rsa -in Cluster-Name.key -out Cluster-Name.key.insecure
- Swap the names on the secure and insecure keys to prepare them for generating the CSR file for submission to the CA by run the following:
- The insecure key is now Cluster-Name.key and can be used to generate the CSR file in the next step for submission to your CA without needing the passphrase.
mv Cluster-Name.key Cluster-Name.key.secure
- To generate the CSR file from the Cluster-Name.key file run the below command and enter your passphrase when prompted
- To copy the CSR file off the node you will need a computer with SCP installed. Run the below command to SCP the CSR file to the desktop of the computer you are on. Replace the bold text with the correct variables for you cluster and computer. Enter your Qumulo admin password when prompted.
my_laptop.local $> scp admin@Cluster-1.AcmeRockets.org:~/Cluster-Name.csr ~/Desktop/
You should now be able to successfully create a CSR file to submit to your Certificate Authority.
Like what you see? Share this article with your network!