IN THIS ARTICLE
Outlines how to install a signed valid SSL certificate issued by your Certificate Authority (CA) to your Qumulo cluster
- Install the signed SSL Certificate to the cluster
- Mac OS X Client Example
REQUIREMENTS
- Admin privileges to your Qumulo cluster
- SSL Certificate based on your CSR file has been generated by your CA
- Reference the article SSL: Generate a Certificate Signing Request for additional details
- CA-bundle PEM chain which must be ordered in the following format:
$ cat certbundle.pem
-----BEGIN CERTIFICATE-----
YOUR CERT HERE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----
INTERMEDIATE CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ROOT CA
-----END CERTIFICATE-----
NOTE: In the examples below, sli-q2 is the name of the cluster
PROCESS
Install the signed SSL Certificate
- Verify that the certificate and ca-bundle are in PEM formats:
$ file *
certbundle.pem: PEM certificate
private.key: PEM RSA private key
- If your key is not an RSA key, you can convert it with the following command:
$ file original.key
original.key: ASCII text
$ openssl rsa -in original.key -out private.key
writing RSA key
$ file private.key
private.key: PEM RSA private key
- Logged in as admin, install the certificate using the following qq command:
qq ssl_modify_certificate
- See example below:
[~/qumulo_api]$ ./qq --host sli-q2 login -u admin
Password:
[~/qumulo_api]$ ./qq --host sli-q2 ssl_modify_certificate -c certbundle.pem -k private.key
null
Mac OS Client Example of importing a CA Cert
- Open Keychain Access
- Select Login and click Certificates
- Drag and drop the CA Cert into the list
- Get Info on the Certificate to access settings by clicking the "i" button
- Choose Always trust in the dropdown for "When using this certificate"
- Check the security in your browser to verify installation
NOTE: Restart your browser to ensure changes take effect
Insecure
Secure
RESOLUTION
You should now be able to successfully install a signed SSL Certificate issued by your CA to your Qumulo cluster
ADDITIONAL RESOURCES
SSL: Generate a Certificate Signing Request (CSR)
Like what you see? Share this article with your network!
Comments
0 comments
Please sign in to leave a comment.