Basic Secure Sockets Layer (SSL) Guidelines

If you are working on a Lattus system that already has an SSL certificate, this section outlines how to get the public portion of that certificate onto a StorNext MDC so that it can be used for secure HTTPS transfers.

Note: StorNext only supports certificates in PEM format.

This section provides guidelines on how to use the PEM (Privacy Enhanced Mail) file that already exists on your Lattus system. A typical PEM file will look like the server.pem illustrated in Example of a server.pem File.

-----BEGIN CERTIFICATE-----

(Your Primary SSL certificate: your_domain_name.crt)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(Your Intermediate certificate: SomeCA.crt)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(Your Root certificate: SomeRoot.crt)

-----END CERTIFICATE-----

This is a Certificate with Private and Public keys:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

After you have identified where the PEM file is located, perform Step 1 through Step 5 below to create a public SSL certificate for use on a StorNext MDC:

  1. Assume the name of your self-signed certificate is server.pem and that it contains both a private key and public certificates. If your server.pem file contains only one public certificate, run the following command from a terminal to create a public.pem certificate file, and then proceed to Step 3.
     openssl x509 -in server.pem -out public.pem
  2. If your server.pem file contains multiple public certificates, perform Step 2(a) through Step 2(d):
    a. Issue the following command on the terminal to make a copy of your server.pem file, which contains your private key (this copy will become your public key):
    cp server.pem public.pem
    b. Open the public.pem file with your text editor of choice:
    vi public.pem
    c. In the above example of the .pem file, delete the lines beginning with the text “-----BEGIN RSA PRIVATE KEY-----” and ending with “-----END RSA PRIVATE KEY-----”, inclusive.

    Caution: The public.pem file should NOT contain any blank lines. If you edit the file, verify that there are no blank lines in it. Blank lines in the public.pem file are not supported by the API used to import the file.

    d. Save this public.pem file – the resulting file should look like the example in Example of a public.pem File.
  3. Transfer the public.pem file to a place where the MDC’s GUI can access it.
  4. On the Tools menu of the StorNext GUI, click Object Storage Certificates. The Tools > Object Storage Certificates page appears.
  5. On the Tools > Object Storage Certificates page, click Import.... The Import A Certificate dialog box appears.
  6. In the Import A Certificate dialog box, click Choose File to select a file to import. The Open dialog box appears. Alternatively, click Close to cancel the import.
  7. In the Open dialog box, navigate to the public.pem certificate file you want to import, and then click Open.

Note: Public Certificate files uploaded through the GUI are placed in the following directory: /usr/cvfs/config/ssl

If the import is successful, the Information notification at the top of the Tools > Object Storage Certificates page displays, “Certificate public.pem uploaded successfully.”
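
The file preparation in Step 1 and Step 2 can also be done without hand-editing. The script below is an added example, not part of the StorNext or Lattus documentation; the helper names make_public_pem and write_sample_server_pem are hypothetical. It keeps only the certificate blocks from server.pem, drops blank lines, and rejects the output if any private key material remains.

```shell
#!/bin/sh
# Added example. make_public_pem and write_sample_server_pem are
# hypothetical helper names, not StorNext or Lattus tools.

# Copy only the CERTIFICATE blocks of $1 into $2; print how many were kept.
make_public_pem() {
    src=$1 dst=$2 err=
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # Drop CRs and trailing blanks, then keep BEGIN..END CERTIFICATE only.
    # NF is 0 on empty lines, so blank lines inside a block are dropped too.
    tr -d '\r' < "$src" | awk '
        { sub(/[ \t]+$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { keep = 1 }
        keep && NF                      { print }
        /^-----END CERTIFICATE-----$/   { keep = 0 }
    ' > "$dst"

    # Re-check the result: an unterminated certificate block in the input
    # would otherwise let a following key block through.
    grep -q 'PRIVATE KEY' "$dst" && err="private key material present"
    grep -q '^[[:space:]]*$' "$dst" && err="blank line present"
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$dst" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$dst" || true)
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ] || err="no complete certificate block"
    if [ -n "$err" ]; then
        echo "$dst rejected: $err" >&2
        rm -f "$dst"
        return 1
    fi
    echo "$begins"
}

# Constructed sample input: placeholder bodies, not real key or certificate data.
write_sample_server_pem() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDERKEYBODY
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----

PLACEHOLDERSERVERCERT
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATECERT
-----END CERTIFICATE-----
EOF
}
```

Run `make_public_pem server.pem public.pem` on the host that holds server.pem, then continue with the transfer step; a non-zero exit status means no public.pem was left behind.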