10 managing ssl certificates, Creating an ssl certificate – HP StoreAll Storage User Manual
Page 83
10 Managing SSL certificates
Servers accepting FTPS and HTTPS connections typically provide an SSL certificate that verifies the
identity and owner of the web site being accessed. You can add your existing certificates to the
cluster, enabling file serving nodes to present the appropriate certificate to FTPS and HTTPS clients.
X9000 Software supports PEM certificates.
When you configure the FTP share or the HTTP vhost, select the appropriate certificate.
You can manage certificates from the GUI or the CLI, On the GUI, select Certificates from the
Navigator to open the Certificates panel. The Certificate Summary shows the parameters for the
selected certificate.
Creating an SSL certificate
Before creating a certificate, OpenSSL must be installed and must be included in your PATH variable
(in RHEL5, the path is /usr/bin/openssl).
There are two parts to a certificate: the certificate contents (specified in a .crt file) and a private
key (specified in a .key file). Certificates added to the cluster must meet these requirements:
•
The certificate contents (the .crt file) and the private key (the .key file) must be concatenated
into a single file.
•
The concatenated certificate file must include the headers and footers from the .crt and
.key
files.
•
The concatenated certificate file cannot contain any extra spaces.
Before creating a real certificate, you can create a self-signed SSL certificate and test access with
it. Complete the following steps to create a test certificate that meets the requirements for use in
an X9000 cluster:
Creating an SSL certificate
83