This section explains how to install a signed SSL certificate from your certificate authority (CA) on your Qumulo cluster.

Requirements

  • An SSL certificate based on your certificate signing request (CSR) file from your certificate authority (CA)

  • A CA-bundle PEM chain in the following order:

    • Your certificate

    • The intermediate CA

    • The root CA

To Install a Signed SSL Certificate on a Qumulo Cluster from the Command Line

  1. Verify that your certificate and the CA-bundle are in the PEM format by running the file * command.

    The following is example output.

    certbundle.pem: PEM certificate
    private.key: PEM RSA private key
    
  2. (Optional) If your file isn’t an RSA key, run the openssl rsa command to convert your key. For example:

    openssl rsa \
      -in original.key \
      -out private.key
    
  3. Run the qq login command to log in to a node in your Qumulo cluster as an administrator. For example:

    qq login \
      -u admin \
      --host 203.0.113.0
    
  4. Run the qq ssl_modify_certificate command to install your certificate. For example:

    qq ssl_modify_certificate \
      --host 203.0.113.0 \
      -c certbundle.pem \
      -k private.key.insecure
    

To Import a Certificate Authority (CA) Certificate on macOS

  1. Press ⌘ + Space, enter Keychain Access, and press Enter.

  2. When prompted, click Open Keychain Access.

  3. In the Keychain Access window, on the left panel, under Default Keychains, click login.

  4. On the right, click Certificates.

  5. Copy your CA certificate file to the list of certificates.

  6. Right-click your certificate and then click Get Info.

  7. On the window with the certificate information, expand the Trust section and When using this certificate: select Always Trust.