Forums

Home / Forums

You need to log in to create posts and topics. Login · Register

Using "real" certificates

Hi admin,

Is it possible to use a "real" certificates (ex. for petasan.company.com) so that we can access the web ui in a secure way by entering a hostname?

Kind regards,
Reto

with the auto-generated certificate, you can use hostnames or ip addresses.

if you need to get a real certificate signed by a real authority, the certificates are stored in /opt/petasan/config/certificates/  on all 3 management nodes. The same certificate should specify all 3 management node ips and hostnames.

Hi admin,

I'm not 100% sure, but I think that it's not possible to add ip addresses to a certificate signed by a real authority.
Is there a problem if the ip addresses are not in the certificate?

Thank you

it is probably ok to just use hostnames only, i would recommend you try to test sign certificate with similar parameters as the real one and make sure it works ok.

One more thing is you would be replacing the server.crt and server.key but do not remove the root ones, they could be used by PetaSAN in the future for S3 https certificates and possibly other services.