SolidFire SSL expiring

I'm getting a message that my SSL certificate will be expiring in 29 days on the cluster. How do I reset the SSL? It is just using the self-signed one? 

Re: SolidFire SSL expiring

Hi, perhaps this document will help you. Page 22.

https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049


You can change the default SSL certificate and private key of the storage node in the cluster using the Element OS API. When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer (SSL) certificate and private key that is used for all HTTPS communication via the Element OS web UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are issued and verified by a trusted Certificate Authority (CA).

 

You can use the following API methods to get more information about the default SSL certificate and make changes. For details about each method, see the NetApp SolidFire Element OS API Reference Guide.

GetSSLCertificate: You can use this method to retrieve information about the currently installed SSL certificate including all certificate details.

SetSSLCertificate: You can use this method to set the cluster and per-node SSL certificates to the certificate and private key you supply. The system validates the certificate and private key to prevent an invalid certificate from being applied.

RemoveSSLCertificate: This method removes the currently installed SSL certificate and private key. The cluster then generates a new self-signed certificate and private key.

Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster. Any node removed from the cluster reverts to a self-signed certificate and all user-defined certificate and key information is removed from the node.

Kind regards
Andre
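
An added example, not part of the original post or of NetApp's documentation: a Python sketch that reads the expiry from a GetSSLCertificate result and picks the renewal call, RemoveSSLCertificate to regenerate the self-signed pair or SetSSLCertificate for a CA-issued one. Assumptions to check against the Element OS API Reference Guide: the `/json-rpc/<version>` endpoint, the `certificate` and `privateKey` parameter names, and an ISO 8601 `details.notAfter` field; the helper names are hypothetical.

```python
import base64, json, urllib.request
from datetime import datetime, timezone

def rpc(method, params=None, req_id=1):
    """Build a JSON-RPC request body for one of the methods named above."""
    return {"method": method, "params": params or {}, "id": req_id}

def days_left(get_result, now):
    """Days until expiry, read from a GetSSLCertificate result.
    Assumption: details.notAfter is an ISO 8601 UTC timestamp."""
    not_after = datetime.strptime(get_result["details"]["notAfter"], "%Y-%m-%dT%H:%M:%SZ")
    return (not_after.replace(tzinfo=timezone.utc) - now).days

def plan(get_result, now, cert_pem=None, key_pem=None, threshold_days=30):
    """Choose the call that renews the certificate, or None if it is not yet due."""
    if days_left(get_result, now) > threshold_days:
        return None
    if cert_pem is None:
        # No replacement supplied: removal makes the cluster generate a new self-signed pair.
        return rpc("RemoveSSLCertificate")
    if "BEGIN CERTIFICATE" not in cert_pem or "PRIVATE KEY" not in (key_pem or ""):
        raise ValueError("expected a PEM certificate and a PEM private key")
    # Parameter names are an assumption; confirm them in the API reference.
    return rpc("SetSSLCertificate", {"certificate": cert_pem, "privateKey": key_pem})

def send(mvip, user, password, body, api_version="10.0"):
    """POST a request to the cluster (endpoint layout is an assumption; not called here).
    TLS verification stays at urllib's default, so the cluster certificate must be trusted."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{mvip}/json-rpc/{api_version}",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["result"]

# Constructed sample of a GetSSLCertificate result (not real cluster output).
SAMPLE = {"certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
          "details": {"notAfter": "2025-07-30T00:00:00Z"}}
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)  # 29 days before the sample expiry

if __name__ == "__main__":
    print(days_left(SAMPLE, NOW), plan(SAMPLE, NOW))
```

After a SetSSLCertificate call, calling GetSSLCertificate again and comparing the returned certificate with the one supplied confirms the change took effect.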


Re: SolidFire SSL expiring

By default it's self-signed (by NetApp), but you can replace it with your own (e.g. a wildcard cert for the cluster) which can be either self-signed or (better) backed by a CA as per the document linked in the other reply.

Re: SolidFire SSL expiring

What are the steps to replacing the default SSL certificate with one of your own which is backed by a CA?

Re: SolidFire SSL expiring

It's answered above by AndreSchmitz - a "Set" API method for SSL Certificates is mentioned and it says that it works for both self-signed and CA signed certificates.

 

SolidFire / Element Software doesn't validate certificates. 
