IN THIS ARTICLE
Outlines how to generate a Certificate Signing Request (CSR) to submit to your Certificate Authority (CA) to apply an SSL Certificate to your Qumulo cluster
- Create a private and public encryption key pair
- Create a CSR file based on the new insecure key
- Copy the CSR file off the cluster to submit to your CA
Note: Submitting the CSR file to your CA is not covered in this article and all example commands included are for Linux or OS X
- Admin privileges to your Qumulo cluster
- A computer with SSH installed
- A computer with SCP installed
Qumulo clusters come with a self-signed SSL Certificate installed that will enable traffic to be encrypted for your browser sessions but will trigger an untrusted or self-signed certificate error in a modern web browser. To avoid this error, you can generate a CSR file to submit to your Certificate Authority to get a valid SSL Certificate for your cluster.
SSH to the first node in your Qumulo cluster as the Qumulo Admin account by using your cluster's fully qualified domain name or IP address.
Enter your admin password for the cluster when prompted
Run the below OpenSSL command to generate the private key. The name of the Qumulo Cluster is used to ensure the .key and .csr files are named uniquely.
openssl genrsa -des3 -out Cluster-Name.key 2048
In the above example, the name of the Qumulo Cluster is used to ensure the .key and .csr files are named uniquely.
When the above command runs successfully, you will be prompted to enter a Passphrase. Use a complex passphrase of at least 13 characters to meet or exceed security best practices.
Generating RSA private key, 2048 bit long modulus ..........................++++++ .......++++++ e is 65537 (0x10001) Enter pass phrase for server.key: ImportantPassPhrase
Important: Don't lose the passphrase.
When prompted, re-enter the passphrase to verifyUse the command below to create the insecure key using your cluster's name as outlined
openssl rsa -in Cluster-Name.key -out Cluster-Name.key.insecure
Run the following command to generate the CSR file from the .key file and enter your passphrase when prompted
openssl req -new -key Cluster-Name.key -out Cluster-Name.csr
Copy the CSR file off the node to your local desktop by running the command below using the correct variables for your cluster and computer
my_laptop.local $> scp admin@Cluster-Name.example.com:~/Cluster-Name.csr \
Enter your Qumulo admin password when prompted to successfully copy the certificate.
Like what you see? Share this article with your network!