topic Re: SolidFire SSL expiring in SolidFire and HCI

SolidFire SSL expiring

JMPALUCH13 — Tue, 26 Mar 2019 16:52:56 GMT

I'm getting a message that my SSL certificate will be expiring in 29 days on the cluster. How do I reset the SSL? It is just using the self-signed one?

Re: SolidFire SSL expiring

AndreUnterberg — Tue, 26 Mar 2019 20:55:39 GMT

HI, perhaps this document will help you. Page 22.

https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049

You can use the following API methods to get more information about the default SSL certificate and make changes. For details about each method, see the NetApp SolidFire Element OS API Reference Guide.

GetSSLCertificate You can use this method to retrieve information about the currently installed SSL certificate including all certificate details.

SetSSLCertificate You can use this method to set the cluster and per-node SSL certificates to the certificate and private key you supply. The system validates the certificate and private key to prevent an invalid certificate from being applied.

RemoveSSLCertificate This method removes the currently installed SSL certificate and private key. The cluster then generates a new self-signed certificate and private key.

Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster. Any node removed from the cluster reverts to a self-signed certificate and all user-defined certificate and key information is removed from the node. Kind regards Andre

Re: SolidFire SSL expiring

AndreUnterberg — Tue, 26 Mar 2019 21:01:06 GMT

HI JMPALUCH13 ,

perhaps this document will help you: https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049 see page 22

You can change the default SSL certificate and private key of the storage node in the cluster using the
Element OS API.
When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer
(SSL) certificate and private key that is used for all HTTPS communication via the Element OS web
UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are
issued and verified by a trusted Certificate Authority (CA).
You can use the following API methods to get more information about the default SSL certificate and
make changes. For details about each method, see the NetApp SolidFire Element OS API Reference
Guide.
GetSSLCertificate
You can use this method to retrieve information about the currently installed SSL
certificate including all certificate details.
SetSSLCertificate
You can use this method to set the cluster and per-node SSL certificates to the certificate
and private key you supply. The system validates the certificate and private key to prevent
an invalid certificate from being applied.
RemoveSSLCertificate
This method removes the currently installed SSL certificate and private key. The cluster
then generates a new self-signed certificate and private key.
Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster.
Any node removed from the cluster reverts to a self-signed certificate and all user-defined
certificate and key information is removed from the node.

Re: SolidFire SSL expiring

elementx — Mon, 01 Apr 2019 16:24:02 GMT

By default it's self-signed (by NetApp), but you can replace it with your own (e.g. a wildcard cert for the cluster) which can be either self-signed or (better) backed by a CA as per the document linked in the other reply.

Re: SolidFire SSL expiring

Daredia — Fri, 26 Jun 2020 00:09:46 GMT

What are the steps to replacing the default SSL certificate with one your own which is backed by a CA?

Re: SolidFire SSL expiring

elementx — Fri, 26 Jun 2020 00:19:22 GMT

It's answered above by AndreSchmitz - a "Set" API method for SSL Certificates is mentioned and it says that it works for both self-signed and CA signed certificates.

SolidFire / Element Software doesn't validate certificates.