Hi!

So far I have configured S3 buckets for FabricPool or Veeam environments with self-signed certificates.

The thing is that given the multiple applications that my customers are starting to use with S3 repositories, they see that Netapp has this possibility and I would like to test a configuration to provide this service but installing external certificates, signed by external CA.

I'm reading the documentation and as I'm not a great expert in certificate matters I don't get to understand how such a configuration would be done, what requirements I need and how to implement it. I am asking for help please to guide me in this process to understand if the steps are correct.

First, I have to request a certificate signing request with “security certificate generate-csr -common-name myS3.mydomain.com....”. I understand that here you indicate the name that the S3 URL will have and the production domain that signs it.

Is there any special purpose of the certificate to indicate?

I have to return the  CA root and intermediate certificates apart from the signed certificate for myS3.mydomain.com and install them for the created SVM S3.

The following steps I know and I have no problem.

Now, when the S3 Object Store has to be created, the command vserver object-store-server has to be given -certifiate-name, is the common name of the generated certificate indicated here?

Then the bucket is created, the user and so on.

In the client authentication part, from the machine you want to access the S3, is it necessary to install a certificate?,

I understand that the validation is done by entering the URL and user's access key and secret key.

I don't know if there is any limitation to implement this On-Premisse solution or any other issue that I am not taking into account.
Thank you very much for your help.