AFF, NVMe, EF-Series, and SolidFire Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AFF, NVMe, EF-Series, and SolidFire Discussions

Start a New Post

SolidFire SSL expiring

JMPALUCH13
‎2019-03-26 09:52 AM

I'm getting a message that my SSL certificate will be expiring in 29 days on the cluster. How do I reset the SSL? It is just using the self-signed one? 

0 Likes
5 Replies
Reply
5 REPLIES 5

Re: SolidFire SSL expiring

ANDRESCHMITZ
NetApp A-Team
‎2019-03-26 01:53 PM

HI, perhaps this document will help you. Page 22.

https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049


You can change the default SSL certificate and private key of the storage node in the cluster using the Element OS API. When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer (SSL) certificate and private key that is used for all HTTPS communication via the Element OS web UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are issued and verified by a trusted Certificate Authority (CA).

 

You can use the following API methods to get more information about the default SSL certificate and make changes. For details about each method, see the NetApp SolidFire Element OS API Reference Guide.

GetSSLCertificate You can use this method to retrieve information about the currently installed SSL certificate including all certificate details.

SetSSLCertificate You can use this method to set the cluster and per-node SSL certificates to the certificate and private key you supply. The system validates the certificate and private key to prevent an invalid certificate from being applied.

RemoveSSLCertificate This method removes the currently installed SSL certificate and private key. The cluster then generates a new self-signed certificate and private key.

Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster. Any node removed from the cluster reverts to a self-signed certificate and all user-defined certificate and key information is removed from the node. Kind regards Andre

View solution in original post

0 Likes
5 Replies
Reply

Re: SolidFire SSL expiring

ANDRESCHMITZ
NetApp A-Team
‎2019-03-26 02:01 PM

HI JMPALUCH13 ,

perhaps this document will help you: https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049 see page 22

 

You can change the default SSL certificate and private key of the storage node in the cluster using the
Element OS API.
When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer
(SSL) certificate and private key that is used for all HTTPS communication via the Element OS web
UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are
issued and verified by a trusted Certificate Authority (CA).
You can use the following API methods to get more information about the default SSL certificate and
make changes. For details about each method, see the NetApp SolidFire Element OS API Reference
Guide.
GetSSLCertificate
You can use this method to retrieve information about the currently installed SSL
certificate including all certificate details.
SetSSLCertificate
You can use this method to set the cluster and per-node SSL certificates to the certificate
and private key you supply. The system validates the certificate and private key to prevent
an invalid certificate from being applied.
RemoveSSLCertificate
This method removes the currently installed SSL certificate and private key. The cluster
then generates a new self-signed certificate and private key.
Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster.
Any node removed from the cluster reverts to a self-signed certificate and all user-defined
certificate and key information is removed from the node.

0 Likes
5 Replies
Reply

Re: SolidFire SSL expiring

elementx
NetApp
‎2019-04-01 09:24 AM

By default it's self-signed (by NetApp), but you can replace it with your own (e.g. a wildcard cert for the cluster) which can be either self-signed or (better) backed by a CA as per the document linked in the other reply.

0 Likes
5 Replies
Reply

Re: SolidFire SSL expiring

Daredia
NetApp
‎2020-06-25 05:09 PM

What are the steps to replacing the default SSL certificate with one your own which is backed by a CA?

0 Likes
5 Replies
Reply

Re: SolidFire SSL expiring

elementx
NetApp
‎2020-06-25 05:19 PM

It's answered above by AndreSchmitz - a "Set" API method for SSL Certificates is mentioned and it says that it works for both self-signed and CA signed certificates.

 

SolidFire / Element Software doesn't validate certificates. 

0 Likes
5 Replies
Reply
Cloud Volumes ONTAP
Review Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public