This section explains how to install a signed SSL certificate for the Web UI and for the LDAP server on your Qumulo cluster.

Requirements

  • An SSL certificate based on your certificate signing request (CSR) file from your certificate authority (CA)

  • A CA-bundle PEM chain in the following order:

    • Your certificate

    • The intermediate CA

    • The root CA

To Install Signed SSL Certificates on a Qumulo Cluster from the Command Line

  1. Verify that your certificate and the CA-bundle are in the PEM format by running the file * command.

    The following is example output.

    certbundle.pem: PEM certificate
private.key: PEM RSA private key

  2. (Optional) If your file isn’t an RSA key, run the openssl rsa command to convert your key. For example:

    openssl rsa \
  -in original.key \
  -out private.key

  3. Run the qq login command to log in to a node in your Qumulo cluster as an administrator. For example:

    qq login \
  -u admin \
  --host 203.0.113.0

  4. To install the SSL certificate for the Qumulo Core Web UI, run the qq ssl_modify_certificate command. For example:

    qq ssl_modify_certificate \
  --host 203.0.113.0 \
  -c certbundle.pem \
  -k private.key.insecure

  5. To install the SSL certificate for the LDAP server, run the qq ssl_modify_ca_certificate command. For example:

    qq ssl_modify_ca_certificate \
  -c myCertificate.pem

To Import a Certificate Authority (CA) Certificate on macOS

  1. Press ⌘ + Space, enter Keychain Access, and press Enter.

  2. When prompted, click Open Keychain Access.

  3. In the Keychain Access window, on the left panel, under Default Keychains, click login.

  4. On the right, click Certificates.

  5. Copy your CA certificate file to the list of certificates.

  6. Right-click your certificate and then click Get Info.

  7. On the window with the certificate information, expand the Trust section and When using this certificate: select Always Trust.