- Notes, cautions, and warnings
- Overview
- Getting Started with ECS
- Storage Pools, VDCs, and Replication Groups
- Authentication Providers
- Namespaces
- Users and Roles
- Identity and Access Management (S3)
- Buckets
- File Access
- Introduction to file access
- ECS multi-protocol access
- Working with NFS exports in the ECS Portal
- Working with user/group mappings in the ECS Portal
- ECS NFS configuration tasks
- Mount an NFS export example
- NFS access using the ECS Management REST API
- NFS WORM (Write Once, Read Many)
- S3A support
- Geo-replication status
- Maintenance
- Certificates
- ECS Settings
- ECS Outage and Recovery
- Advanced Monitoring
- Advanced Monitoring
- View Advanced Monitoring Dashboards
- View mode
- Export CSV
- Data Access Performance - Overview
- Data Access Performance - by Namespaces
- Data Access Performance - by Nodes
- Data Access Performance - by Protocols
- Disk Bandwidth - by Nodes
- Disk Bandwidth - Overview
- Node Rebalancing
- Process Health - by Nodes
- Process Health - Overview
- Process Health - Process List by Node
- Recovery Status
- SSD Read Cache
- Tech Refresh: Data Migration
- Top Buckets
- Automatic Metering Reconstruction
- Share Advanced Monitoring Dashboards
- View Advanced Monitoring Dashboards
- Flux API
- Dashboard APIs
- Advanced Monitoring
ECS 3.5.0.1 Administration Guide
Generate certificates
You can generate a self-signed certificate, or you can purchase a certificate from a certificate authority (CA). The CA-signed certificate is strongly recommended for production purposes because it can be validated by any client machine without any extra steps.
Certificates must be in PEM-encoded x509 format.
When you generate a certificate, you typically specify the hostname where the certificate is used. Because ECS has multiple nodes, and each node has its own hostname, installing a certificate created for a specific hostname could cause a common name mismatch error on the nodes that do not have that hostname. You can create certificates with alternative IPs or hostnames called Subject Alternative Names (SANs).
For maximum compatibility with object protocols, the Common Name (CN) on your certificate must point to the wildcard DNS entry used by S3, because S3 is the only protocol that utilizes virtually-hosted buckets (and injects the bucket name into the hostname). You can specify only one wildcard entry on an SSL certificate and it must be under the CN. The other DNS entries for your load balancer for the Atmos and Swift protocols must be registered as a Subject Alternative Names (SANs) on the certificate.
The topics in this section show how to generate a certificate or certificate request using openssl, however, your IT organization may have different requirements or procedures for generating certificates.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\