-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0ef15d2
commit e160392
Showing
2 changed files
with
66 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
65 changes: 65 additions & 0 deletions
65
...euse/admin-guides/encryption-data-security/installing-signed-ssl-certificate.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| ## Requirements | ||
|
|
||
| * An SSL certificate based on your certificate signing request (CSR) file from your certificate authority (CA) | ||
|
|
||
| * A CA-bundle PEM chain in the following order: | ||
|
|
||
| * Your certificate | ||
|
|
||
| * The intermediate CA | ||
|
|
||
| * The root CA | ||
|
|
||
| ## To Install a Signed SSL Certificate on a Qumulo Cluster from the Command Line | ||
|
|
||
| 1. Verify that your certificate and the CA-bundle are in the PEM format by running the `file *` command. | ||
|
|
||
| {{site.commandOutput}} | ||
|
|
||
| ```bash | ||
| certbundle.pem: PEM certificate | ||
| private.key: PEM RSA private key | ||
| ``` | ||
|
|
||
| 1. (Optional) If your file isn't an RSA key, use the `openssl rsa` command to convert your key. For example: | ||
|
|
||
| ```bash | ||
| openssl rsa \ | ||
| -in original.key \ | ||
| -out private.key | ||
| ``` | ||
|
|
||
| 1. Use the [`qq login`](https://docs.qumulo.com/qq-cli-command-guide/login/login.html) command to log in to your Qumulo cluster as an administrator. For example: | ||
|
|
||
| ```bash | ||
| qq login \ | ||
| -u admin \ | ||
| --host {{site.exampleIP0}} | ||
| ``` | ||
|
|
||
| 1. Use the [`qq ssl_modify_certificate`](https://docs.qumulo.com/qq-cli-command-guide/ssl/ssl_modify_certificate.html) command to install your certificate. For example: | ||
|
|
||
| ```bash | ||
| qq ssl_modify_certificate \ | ||
| --host {{site.exampleIP0}} \ | ||
| -c certbundle.pem \ | ||
| -k private.key.insecure | ||
| ``` | ||
|
|
||
| ## To Import a Certificate Authority (CA) Certificate on macOS | ||
|
|
||
| 1. Press **⌘ + Space**, enter `Keychain Access`, and press **Enter**. | ||
|
|
||
| 1. When prompted, click **Open Keychain Access**. | ||
|
|
||
| 1. In the **Keychain Access** window, on the left panel, under **Default Keychains**, click **login**. | ||
|
|
||
| 1. On the right, click **Certificates**. | ||
|
|
||
| 1. Copy your CA certificate file to the list of certificates. | ||
|
|
||
| 1. Right-click your certificate and then click **Get Info**. | ||
|
|
||
| 1. On the window with the certificate information, expand the **Trust** section and **When using this certificate:** select **Always Trust**. | ||
|
|
||
| {% include note.html content="To ensure your certificate is installed correctly, restart your browser." %} |