SSL: Install a Signed SSL Certificate

IN THIS ARTICLE

Outlines how to install a signed valid SSL certificate issued by your Certificate Authority (CA) to your Qumulo cluster

Install the signed SSL Certificate to the cluster
Mac OS X Client Example

REQUIREMENTS

Admin privileges to your Qumulo cluster
SSL Certificate based on your CSR file has been generated by your CA
- Reference the article SSL: Generate a Certificate Signing Request for additional details
CA-bundle PEM chain which must be ordered in the following format:

$ cat certbundle.pem

-----BEGIN CERTIFICATE-----
YOUR CERT HERE
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----
INTERMEDIATE CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ROOT CA
-----END CERTIFICATE-----

NOTE: In the examples below, sli-q2 is the name of the cluster

PROCESS

Install the signed SSL Certificate

Verify that the certificate and ca-bundle are in PEM formats:

$ file *
certbundle.pem: PEM certificate
private.key: PEM RSA private key

If your key is not an RSA key, you can convert it with the following command:

$ file original.key
original.key: ASCII text

$ openssl rsa -in original.key -out private.key
writing RSA key

$ file private.key
private.key: PEM RSA private key

Logged in as admin, install the certificate using the following qq command:

qq ssl_modify_certificate

See example below:

[~/qumulo_api]$ ./qq --host sli-q2 login -u admin
Password:

[~/qumulo_api]$ ./qq --host sli-q2 ssl_modify_certificate -c certbundle.pem -k private.key
null

Mac OS Client Example of importing a CA Cert