Basic Secure Sockets Layer (SSL) Guidelines
If you are working on a Lattus system that already has an existing SSL certificate, this section outlines what you need to do to get the public portion of that certificate onto a StorNext MDC to be used for secure https transfers.
Note: StorNext only supports certificates in PEM format.
This section provides guidelines on how to use the PEM (Privacy Enhanced Mail) file that already exists on your Lattus system. A typical PEM file will look like the server.pem illustrated in Example of a server.pem File.
- The PEM file is a clear text file which contains both the private key and the public SSL certificate.
- The private portion of the PEM file begins with the text “-----BEGIN RSA PRIVATE KEY-----” and ends with the text “-----END RSA PRIVATE KEY-----”.
Below is an example of a PEM file containing 4 public certificates and 1 private key.
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: SomeCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: SomeRoot.crt)
-----END CERTIFICATE-----
This is a Certificate with Private and Public keys:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
- The private portion of the PEM file should NEVER be transferred off the Lattus system in any format for use by a StorNext MDC, as the private portion of the PEM file is never needed by a StorNext MDC. This helps to ensure that the security on the Lattus system remains intact and is not jeopardized.
After you have identified where the PEM file is located, perform Step 1 through Step 5 below to create a public SSL certificate for use on a StorNext MDC:
- Assume the name of your self-signed certificate is server.pem and that it contains both a private key and public certificates. If your server.pem file only contains 1 public certificate, run the following command from a terminal to create a public.pem certificate file and then proceed to Step 3.
- If your server.pem file contains multiple public certificates, perform Step 2(a) through Step 2(d):
  - Issue the following command on the terminal to make a copy of the file containing your private key (this copy will become your public key file):
    cp server.pem public.pem
  - Open the public.pem file with your text editor of choice:
    vi public.pem
  - In the above example of the .pem file, delete the lines beginning with the text “-----BEGIN RSA PRIVATE KEY-----” and ending with “-----END RSA PRIVATE KEY-----”, inclusive.
    Caution: The public.pem file should NOT contain any blank lines. If you edit the file, please verify there are no blank lines in the file. Blank lines in the public.pem file are not supported by the API used to import the file.
  - Save this public.pem file. The resulting file should look like the example in Example of a public.pem File.
- Transfer the public.pem file to a place where the MDC’s GUI can access it.
- On the Tools menu of the StorNext GUI, click Object Storage Certificates. The Tools > Object Storage Certificates page appears.
- On the Tools > Object Storage Certificates page, click Import.... The Import A Certificate dialog box appears.
- In the Import A Certificate dialog box, click Choose File to select a file to import. The Open dialog box appears. Alternatively, click Close to cancel the import.
- In the Open dialog box, navigate to the public.pem certificate file you want to import, and then click Open.
Note: Public Certificate files uploaded through the GUI are placed in the following directory: /usr/cvfs/config/ssl
If the import is successful, the Information notification at the top of the Tools > Object Storage Certificates page displays, “Certificate public.pem uploaded successfully.”
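An added example, not part of the StorNext documentation: a shell alternative to the manual edit in Step 2 that keeps only the CERTIFICATE blocks of server.pem, then verifies the two conditions stated above (no private key, no blank lines). The function names are hypothetical, the sample file is constructed, and the check goes slightly beyond the page by rejecting any private key marker, not only the RSA one.

```shell
#!/usr/bin/env bash
# Added example, not from the StorNext documentation. Function names are hypothetical.

# Print the number of certificates in FILE, or fail if it is unsafe to import.
check_public_pem() {
    f=$1
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "REJECT: $f still contains private key material" >&2; return 1
    fi
    if grep -q '^[[:space:]]*$' "$f"; then
        echo "REJECT: $f contains blank lines" >&2; return 2
    fi
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    m=$(grep -c '^-----END CERTIFICATE-----' "$f" || true)
    if [ "$n" -eq 0 ] || [ "$n" -ne "$m" ]; then
        echo "REJECT: $f has $n BEGIN and $m END certificate markers" >&2; return 3
    fi
    echo "$n"
}

# Write only the CERTIFICATE blocks of SRC to DST, then check the result.
extract_public_pem() {
    src=$1; dst=$2
    # Strip CRs (CRLF files), keep BEGIN..END CERTIFICATE inclusive, and drop
    # blank lines inside the blocks. Everything else is discarded, including
    # any "... PRIVATE KEY" block (RSA, EC, PKCS#8, encrypted).
    tr -d '\r' < "$src" | awk '
        /^-----BEGIN CERTIFICATE-----/ { keep = 1 }
        keep && NF                     { print }
        /^-----END CERTIFICATE-----/   { keep = 0 }
    ' > "$dst"
    check_public_pem "$dst"
}

# Constructed sample: placeholder bodies, not real certificates or keys.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQx' \
        '-----END CERTIFICATE-----' '' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQy' '-----END RSA PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQz' \
        '-----END CERTIFICATE-----' > "$d/server.pem"
    check_public_pem "$d/server.pem" || echo "unedited copy rejected, as expected"
    extract_public_pem "$d/server.pem" "$d/public.pem"   # prints 2
    rm -rf "$d"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run check_public_pem on the Lattus system before the file is transferred, so a copy that still holds the private key never leaves it.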