English (US)
Deutsch Español Français
OPEN A CASE
KNOWLEDGE BASE
COMMUNITY
QUMULO TRENDS

KNOWLEDGE BASE

Articles in this section
See more

SSL: Install a Signed SSL Certificate

Avatar
Sam Li
  • Updated
Follow

IN THIS ARTICLE

Outlines how to install a signed valid SSL certificate issued by your Certificate Authority (CA) to your Qumulo cluster

  • Install the signed SSL Certificate to the cluster
  • Mac OS X Client Example

REQUIREMENTS

  • Admin privileges to your Qumulo cluster
  • SSL Certificate based on your CSR file has been generated by your CA
  • CA-bundle PEM chain which must be ordered in the following format:
$ cat certbundle.pem

-----BEGIN CERTIFICATE-----
YOUR CERT HERE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----
INTERMEDIATE CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ROOT CA
-----END CERTIFICATE-----

NOTE: In the examples below, sli-q2 is the name of the cluster

PROCESS

Install the signed SSL Certificate

  • Verify that the certificate and ca-bundle are in PEM formats:
$ file *
certbundle.pem: PEM certificate
private.key: PEM RSA private key
  • If your key is not an RSA key, you can convert it with the following command:
$ file original.key
original.key: ASCII text

$ openssl rsa -in original.key -out private.key
writing RSA key

$ file private.key
private.key: PEM RSA private key
  • Logged in as admin, install the certificate using the following qq command:
qq ssl_modify_certificate
  • See example below:
[~/qumulo_api]$ ./qq --host sli-q2 login -u admin
Password:

[~/qumulo_api]$ ./qq --host sli-q2 ssl_modify_certificate -c certbundle.pem -k private.key
null

Mac OS Client Example of importing a CA Cert

  • Open Keychain Access
  • Select Login and click Certificates
  • Drag and drop the CA Cert into the list

Import cert keychain.png

  • Get Info on the Certificate to access settings by clicking the "i" button
  • Choose Always trust in the dropdown for "When using this certificate"

Accept CA cert keychain.png

  • Check the security in your browser to verify installation

NOTE: Restart your browser to ensure changes take effect

Insecure

Insecure CA.png

Secure

Secure CA.png

RESOLUTION

You should now be able to successfully install a signed SSL Certificate issued by your CA to your Qumulo cluster 

ADDITIONAL RESOURCES

SSL: Generate a Certificate Signing Request (CSR)

QQ CLI: LDAP and Certificates

 

Like what you see? Share this article with your network!

Related articles

Comments

0 comments

Please sign in to leave a comment.