- Notes, cautions, and warnings
- Overview
- Getting Started with ECS
- Storage Pools, VDCs, and Replication Groups
- Authentication Providers
- Namespaces
- Users and Roles
- Identity and Access Management (S3)
- Buckets
- File Access
- Introduction to file access
- ECS multi-protocol access
- Working with NFS exports in the ECS Portal
- Working with user/group mappings in the ECS Portal
- ECS NFS configuration tasks
- Mount an NFS export example
- NFS access using the ECS Management REST API
- NFS WORM (Write Once, Read Many)
- S3A support
- Geo-replication status
- Maintenance
- Certificates
- ECS Settings
- ECS Outage and Recovery
- Advanced Monitoring
- Advanced Monitoring
- View Advanced Monitoring Dashboards
- View mode
- Export CSV
- Data Access Performance - Overview
- Data Access Performance - by Namespaces
- Data Access Performance - by Nodes
- Data Access Performance - by Protocols
- Disk Bandwidth - by Nodes
- Disk Bandwidth - Overview
- Node Rebalancing
- Process Health - by Nodes
- Process Health - Overview
- Process Health - Process List by Node
- Recovery Status
- SSD Read Cache
- Tech Refresh: Data Migration
- Top Buckets
- Automatic Metering Reconstruction
- Share Advanced Monitoring Dashboards
- View Advanced Monitoring Dashboards
- Flux API
- Dashboard APIs
- Advanced Monitoring
ECS 3.5.0.1 Administration Guide
Generate a SAN configuration
If you want your certificates to support Subject Alternative Names (SANs), you must define the alternative names in a configuration file.
About this task
OpenSSL does not allow you to pass Subject Alternative Names (SANs) through the command line, so you must add them to a configuration file first. To do this, you must locate your default OpenSSL configuration file. On Ubuntu, it is located at /usr/lib/ssl/openssl.cnf.
Steps
-
Create the configuration file.
cp /usr/lib/ssl/openssl.cnf request.conf
-
Edit the configuration file with a text editor and make the following changes.
-
Add the [ alternate_names ] .
For example:
[ alternate_names ] DNS.1 = os.example.com DNS.2 = atmos.example.com DNS.3 = swift.example.com
NOTE There is a space between the bracket and the name of the section.If you are uploading the certificates to ECS nodes rather than to a load balancer, the format is:[ alternate_names ] IP.1 = <IP node 1> IP.2 = <IP node 2> IP.3 = <IP node 3> ...
-
In the section [ v3_ca ], add the following lines:
subjectAltName = @alternate_names basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth
The following line is likely to already exist in this [ v3_ca ] section. If you create a certificate signing request, you must comment it out as shown:#authorityKeyIdentifier=keyid:always,issuer
-
In the [ req ] section, add the following lines:
x509_extensions = v3_ca #for self signed cert req_extensions = v3_ca #for cert signing req
-
In the section [ CA_default ], uncomment or add the line:
copy_extension=copy
-
Add the [ alternate_names ] .
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\