This section explains how to install a signed SSL certificate from your certificate authority (CA) on your Qumulo cluster.
Requirements
-
An SSL certificate based on your certificate signing request (CSR) file from your certificate authority (CA)
-
A CA-bundle PEM chain in the following order:
-
Your certificate
-
The intermediate CA
-
The root CA
-
To Install a Signed SSL Certificate on a Qumulo Cluster from the Command Line
-
Verify that your certificate and the CA-bundle are in the PEM format by running the
file *
command.The following is example output.
certbundle.pem: PEM certificate private.key: PEM RSA private key
-
(Optional) If your file isn’t an RSA key, run the
openssl rsa
command to convert your key. For example:openssl rsa \ -in original.key \ -out private.key
-
Run the
qq login
command to log in to a node in your Qumulo cluster as an administrator. For example:qq login \ -u admin \ --host 203.0.113.0
-
Run the
qq ssl_modify_certificate
command to install your certificate. For example:qq ssl_modify_certificate \ --host 203.0.113.0 \ -c certbundle.pem \ -k private.key.insecure
To Import a Certificate Authority (CA) Certificate on macOS
-
Press ⌘ + Space, enter
Keychain Access
, and press Enter. -
When prompted, click Open Keychain Access.
-
In the Keychain Access window, on the left panel, under Default Keychains, click login.
-
On the right, click Certificates.
-
Copy your CA certificate file to the list of certificates.
-
Right-click your certificate and then click Get Info.
-
On the window with the certificate information, expand the Trust section and When using this certificate: select Always Trust.
To ensure your certificate is installed correctly, restart your browser.