This post is more than 5 years old
9 Posts
1
3109
Custom certificate for Celerra Manager
Hi,
How do I install a custom certificate for the Celerra Manager web page? My browsing through the docs so far only talk about the personas and CA certificates installed on a data mover.
I'd like like to generate a new certificate signed from our own trusted pki structure.
Regards,
Anders
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
April 13th, 2010 09:00
You are right, the process to install a custom SSL certificate is not well documented. But I have completed the process a couple of times and differs between 5.5 and 5.6. But, here is the process for 5.6 NAS code.
To install a custom SSL certificate signed by the local Certificate Authority, you will need to modify "/nas/http/conf/celerrassl.cnf" on the Control Station.
cp /nas/http/conf/celerrassl.cnf /home/nasadmin/celerrassl.cnf.bak
IP_ADDR =
HOSTNAME_LONG =
HOSTNAME_SHORT=
/usr/bin/openssl req -new -key /nas/http/conf/current.key -config /nas/http/conf/celerrassl.cnf -out /home/nasadmin/cert_request
cat /home/nasadmin/cert_request
ln -s /nas/http/conf/ssl.crt/ssl_custom_cert /nas/http/conf/current.crt
If all goes well, you should see the locked symbol in the browser when you connect to Celerra Manager. Otherwise, Celerra will generate a new certificate and use it instead.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
April 13th, 2010 09:00
Welcome to the forum Aaron, nice to have former IDE here
ablomgren
9 Posts
0
April 14th, 2010 00:00
Thanks a bunch! Now I just have to figure out which init script you use for apache... if that takes too long I'll just reboot the control station.
This should be in the official documentation.
-Anders
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
1
April 14th, 2010 08:00
I usually kill the Apache root process. In 5.6 NAS code If apache is killed, it will be restarted automatically.
Try,
/bin/kill -TERM `cat /nas/http/logs/start_apache.pid`
Rafter81
6 Posts
0
May 12th, 2010 08:00
Hi guys, this is something I've been looking for..
How about creating a certificate signed by a external third party CA?
Do need to import root certificates?
Cheers!
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
May 12th, 2010 08:00
For the control station, it is the same process for the external third party CA. No need to import a root certificate to the control station because the browser takes care of the verification to the CA just need the signed certificate.
Control Station looks like any other Apache server with a signed SSL certificate.
Now, if you want to implement PKI on the datamovers that is a different story. You can find more information in the Celerra Docs under Security.
umichklewis_ac7b91
300 Posts
0
May 17th, 2011 11:00
I've used these same instructions to accept a third-party cert. Works great! However, if you have dual control stations and failover between CS0 and CS1, the CS automatically generates the default cert and starts using it! How do we disable the automatic cert generation and stick with the custom, third-party cert?
Karl