SolidFire and HCI

SolidFire SSL expiring

JMPALUCH13
5,537 Views

I'm getting a message that my SSL certificate will be expiring in 29 days on the cluster. How do I reset the SSL? It is just using the self-signed one? 

1 ACCEPTED SOLUTION

AndreUnterberg
5,442 Views

HI, perhaps this document will help you. Page 22.

https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049


You can change the default SSL certificate and private key of the storage node in the cluster using the Element OS API. When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer (SSL) certificate and private key that is used for all HTTPS communication via the Element OS web UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are issued and verified by a trusted Certificate Authority (CA).

 

You can use the following API methods to get more information about the default SSL certificate and make changes. For details about each method, see the NetApp SolidFire Element OS API Reference Guide.

GetSSLCertificate You can use this method to retrieve information about the currently installed SSL certificate including all certificate details.

SetSSLCertificate You can use this method to set the cluster and per-node SSL certificates to the certificate and private key you supply. The system validates the certificate and private key to prevent an invalid certificate from being applied.

RemoveSSLCertificate This method removes the currently installed SSL certificate and private key. The cluster then generates a new self-signed certificate and private key.

Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster. Any node removed from the cluster reverts to a self-signed certificate and all user-defined certificate and key information is removed from the node. Kind regards Andre

View solution in original post

5 REPLIES 5

AndreUnterberg
5,443 Views

HI, perhaps this document will help you. Page 22.

https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049


You can change the default SSL certificate and private key of the storage node in the cluster using the Element OS API. When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer (SSL) certificate and private key that is used for all HTTPS communication via the Element OS web UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are issued and verified by a trusted Certificate Authority (CA).

 

You can use the following API methods to get more information about the default SSL certificate and make changes. For details about each method, see the NetApp SolidFire Element OS API Reference Guide.

GetSSLCertificate You can use this method to retrieve information about the currently installed SSL certificate including all certificate details.

SetSSLCertificate You can use this method to set the cluster and per-node SSL certificates to the certificate and private key you supply. The system validates the certificate and private key to prevent an invalid certificate from being applied.

RemoveSSLCertificate This method removes the currently installed SSL certificate and private key. The cluster then generates a new self-signed certificate and private key.

Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster. Any node removed from the cluster reverts to a self-signed certificate and all user-defined certificate and key information is removed from the node. Kind regards Andre

AndreUnterberg
5,502 Views

HI JMPALUCH13 ,

perhaps this document will help you: https://library.netapp.com/ecm/ecm_get_file/ECMLP2844049 see page 22

 

You can change the default SSL certificate and private key of the storage node in the cluster using the
Element OS API.
When an Element OS cluster is created, the cluster creates a unique self-signed Secure Sockets Layer
(SSL) certificate and private key that is used for all HTTPS communication via the Element OS web
UI, per-node UI, or APIs. Element OS supports self-signed certificates as well as certificates that are
issued and verified by a trusted Certificate Authority (CA).
You can use the following API methods to get more information about the default SSL certificate and
make changes. For details about each method, see the NetApp SolidFire Element OS API Reference
Guide.
GetSSLCertificate
You can use this method to retrieve information about the currently installed SSL
certificate including all certificate details.
SetSSLCertificate
You can use this method to set the cluster and per-node SSL certificates to the certificate
and private key you supply. The system validates the certificate and private key to prevent
an invalid certificate from being applied.
RemoveSSLCertificate
This method removes the currently installed SSL certificate and private key. The cluster
then generates a new self-signed certificate and private key.
Note: The cluster SSL certificate is automatically applied to all new nodes added to the cluster.
Any node removed from the cluster reverts to a self-signed certificate and all user-defined
certificate and key information is removed from the node.

elementx
5,356 Views

By default it's self-signed (by NetApp), but you can replace it with your own (e.g. a wildcard cert for the cluster) which can be either self-signed or (better) backed by a CA as per the document linked in the other reply.

Daredia
4,708 Views

What are the steps to replacing the default SSL certificate with one your own which is backed by a CA?

elementx
4,701 Views

It's answered above by AndreSchmitz - a "Set" API method for SSL Certificates is mentioned and it says that it works for both self-signed and CA signed certificates.

 

SolidFire / Element Software doesn't validate certificates. 

Public