
Installing the WebUI SSL certificate


Outlines how to install a valid, signed SSL certificate issued by your Certificate Authority (CA) on your Qumulo cluster.

REQUIREMENTS

  • Admin privileges to your Qumulo cluster
  • An SSL certificate, based on your CSR file, has been generated by your CA

PROCESS

Generate private key

openssl genrsa -des3 -out Cluster-Name.key 2048

Strip the passphrase from the key and generate the certificate signing request (CSR)

openssl rsa -in Cluster-Name.key -out Cluster-Name.key.insecure
openssl req -new -key Cluster-Name.key -out Cluster-Name.csr

Have the CA complete the request and export the certificate bundle as DER encoded.
Tip: Don't forget to ask them to add SANs, if applicable.

Convert the bundle to PEM:

openssl pkcs7 -in yourbundle.p7b -inform DER -print_certs -out cert.pem

Install the final SSL certificate (only needs to be run from one node)

qq ssl_modify_certificate -c cert.pem -k Cluster-Name.key.insecure

If you see the following error:
Error 400: ssl_certificate_invalid_error: Cannot find the issuer certificate of some certificate in the provided certificate chain

This usually means the certificates in your bundle are out of order (more common with Linux CAs). You can open the PEM file in an editor such as vim and reorder the certificates as follows:

Server Certificate
Intermediate CA
Root CA

You may also see a similar error if attempting to install a certificate that lacks the whole certificate chain.
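Both failure cases above (wrong order, incomplete chain) can be checked before running the install command. The script below is an added example, not part of the original article or of Qumulo's tooling; the function names are hypothetical, and it assumes `openssl`, `awk` and `mktemp` are available and that the server certificate is first in the bundle.

```shell
#!/bin/sh
# Added example: pre-install checks for the bundle and key that are passed to
# `qq ssl_modify_certificate`. Compares names only; signatures are not verified.

# chain_order_ok BUNDLE
# Returns 0 if every certificate is directly followed by its issuer and the
# last one is a self-issued root (issuer equals subject).
# 1 = out of order, 2 = no certificates found, 3 = chain stops before a root.
chain_order_ok() {
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate, skipping any text
  # (such as subject=/issuer= lines) outside the PEM blocks.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n); keep = 1 }
    keep { print > f }
    /-----END CERTIFICATE-----/ { keep = 0; close(f) }' "$1"
  rc=0; prev=""; last=""
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || { rc=2; break; }
    subj=$(openssl x509 -in "$f" -noout -subject_hash)
    # The previous certificate's issuer must be this certificate's subject.
    if [ -n "$prev" ] && [ "$prev" != "$subj" ]; then
      echo "out of order: $(openssl x509 -in "$f" -noout -subject)" >&2
      rc=1
    fi
    prev=$(openssl x509 -in "$f" -noout -issuer_hash)
    last=$subj
  done
  if [ "$rc" -eq 0 ] && [ "$prev" != "$last" ]; then
    echo "chain does not end in a self-issued root" >&2
    rc=3
  fi
  rm -rf "$tmp"
  return "$rc"
}

# key_matches_cert BUNDLE KEY
# Returns 0 if KEY is the private key of the first certificate in BUNDLE.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}
```

For the files in this article, the calls would be `chain_order_ok cert.pem` and `key_matches_cert cert.pem Cluster-Name.key.insecure`.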

Lastly, after you update your SSL certificate (a response of "null" indicates success), restart the WebUI service on every node for the change to take effect. SSH to each node and log in as root:

sudo -s
sudo qsh -c systemctl restart qumulo-appserver