topic S3 configuration with non self-signed Certificate in Network and Storage Protocols https://community.netapp.com/t5/Network-and-Storage-Protocols/S3-configuration-with-non-self-signed-Certificate/m-p/459917#M10169 <P>Hi!</P><P>So far I have configured S3 buckets for FabricPool or Veeam environments with self-signed certificates.</P><P>&nbsp;</P><P>The thing is that given the multiple applications that my customers are starting to use with S3 repositories, they see that Netapp has this possibility and I would like to test a configuration to provide this service but installing external certificates, signed by external CA.</P><P>&nbsp;</P><P>I'm reading the documentation and as I'm not a great expert in certificate matters I don't get to understand how such a configuration would be done, what requirements I need and how to implement it. I am asking for help please to guide me in this process to understand if the steps are correct.</P><P>&nbsp;</P><P>First, I have to request a certificate signing request with “security certificate generate-csr -common-name myS3.mydomain.com....”. I understand that here you indicate the name that the S3 URL will have and the production domain that signs it.</P><P>Is there any special purpose of the certificate to indicate?</P><P>&nbsp;</P><P>I have to return the&nbsp; CA root and intermediate certificates apart from the signed certificate for myS3.mydomain.com and install them for the created SVM S3.</P><P>&nbsp;</P><P>The following steps I know and I have no problem.</P><P>&nbsp;</P><P>Now, when the S3 Object Store has to be created, the command vserver object-store-server has to be given -certifiate-name, is the common name of the generated certificate indicated here?</P><P>&nbsp;</P><P>Then the bucket is created, the user and so on.</P><P>&nbsp;</P><P>In the client authentication part, from the machine you want to access the S3, is it necessary to install a certificate?,</P><P>I understand that the validation is done by entering the URL and user's access key and secret key.</P><P>&nbsp;</P><P>I don't know if there is any limitation to implement this On-Premisse solution or any other issue that I am not taking into account.<BR />Thank you very much for your help.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 03 Apr 2025 07:32:29 GMT Kiko 2025-04-03T07:32:29Z S3 configuration with non self-signed Certificate https://community.netapp.com/t5/Network-and-Storage-Protocols/S3-configuration-with-non-self-signed-Certificate/m-p/459917#M10169 <P>Hi!</P><P>So far I have configured S3 buckets for FabricPool or Veeam environments with self-signed certificates.</P><P>&nbsp;</P><P>The thing is that given the multiple applications that my customers are starting to use with S3 repositories, they see that Netapp has this possibility and I would like to test a configuration to provide this service but installing external certificates, signed by external CA.</P><P>&nbsp;</P><P>I'm reading the documentation and as I'm not a great expert in certificate matters I don't get to understand how such a configuration would be done, what requirements I need and how to implement it. I am asking for help please to guide me in this process to understand if the steps are correct.</P><P>&nbsp;</P><P>First, I have to request a certificate signing request with “security certificate generate-csr -common-name myS3.mydomain.com....”. I understand that here you indicate the name that the S3 URL will have and the production domain that signs it.</P><P>Is there any special purpose of the certificate to indicate?</P><P>&nbsp;</P><P>I have to return the&nbsp; CA root and intermediate certificates apart from the signed certificate for myS3.mydomain.com and install them for the created SVM S3.</P><P>&nbsp;</P><P>The following steps I know and I have no problem.</P><P>&nbsp;</P><P>Now, when the S3 Object Store has to be created, the command vserver object-store-server has to be given -certifiate-name, is the common name of the generated certificate indicated here?</P><P>&nbsp;</P><P>Then the bucket is created, the user and so on.</P><P>&nbsp;</P><P>In the client authentication part, from the machine you want to access the S3, is it necessary to install a certificate?,</P><P>I understand that the validation is done by entering the URL and user's access key and secret key.</P><P>&nbsp;</P><P>I don't know if there is any limitation to implement this On-Premisse solution or any other issue that I am not taking into account.<BR />Thank you very much for your help.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 03 Apr 2025 07:32:29 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/S3-configuration-with-non-self-signed-Certificate/m-p/459917#M10169 Kiko 2025-04-03T07:32:29Z