Using "real" certificates
RST
17 Posts
October 4, 2020, 4:13 pmQuote from RST on October 4, 2020, 4:13 pmHi admin,
Is it possible to use a "real" certificates (ex. for petasan.company.com) so that we can access the web ui in a secure way by entering a hostname?
Kind regards,
Reto
Hi admin,
Is it possible to use a "real" certificates (ex. for petasan.company.com) so that we can access the web ui in a secure way by entering a hostname?
Kind regards,
Reto
admin
2,930 Posts
October 4, 2020, 5:13 pmQuote from admin on October 4, 2020, 5:13 pmwith the auto-generated certificate, you can use hostnames or ip addresses.
if you need to get a real certificate signed by a real authority, the certificates are stored in /opt/petasan/config/certificates/ on all 3 management nodes. The same certificate should specify all 3 management node ips and hostnames.
with the auto-generated certificate, you can use hostnames or ip addresses.
if you need to get a real certificate signed by a real authority, the certificates are stored in /opt/petasan/config/certificates/ on all 3 management nodes. The same certificate should specify all 3 management node ips and hostnames.
Last edited on October 4, 2020, 5:13 pm by admin · #2
RST
17 Posts
October 5, 2020, 6:31 amQuote from RST on October 5, 2020, 6:31 amHi admin,
I'm not 100% sure, but I think that it's not possible to add ip addresses to a certificate signed by a real authority.
Is there a problem if the ip addresses are not in the certificate?
Thank you
Hi admin,
I'm not 100% sure, but I think that it's not possible to add ip addresses to a certificate signed by a real authority.
Is there a problem if the ip addresses are not in the certificate?
Thank you
admin
2,930 Posts
October 5, 2020, 9:19 amQuote from admin on October 5, 2020, 9:19 amit is probably ok to just use hostnames only, i would recommend you try to test sign certificate with similar parameters as the real one and make sure it works ok.
One more thing is you would be replacing the server.crt and server.key but do not remove the root ones, they could be used by PetaSAN in the future for S3 https certificates and possibly other services.
it is probably ok to just use hostnames only, i would recommend you try to test sign certificate with similar parameters as the real one and make sure it works ok.
One more thing is you would be replacing the server.crt and server.key but do not remove the root ones, they could be used by PetaSAN in the future for S3 https certificates and possibly other services.
Last edited on October 5, 2020, 9:20 am by admin · #4
Using "real" certificates
RST
17 Posts
Quote from RST on October 4, 2020, 4:13 pmHi admin,
Is it possible to use a "real" certificates (ex. for petasan.company.com) so that we can access the web ui in a secure way by entering a hostname?
Kind regards,
Reto
Hi admin,
Is it possible to use a "real" certificates (ex. for petasan.company.com) so that we can access the web ui in a secure way by entering a hostname?
Kind regards,
Reto
admin
2,930 Posts
Quote from admin on October 4, 2020, 5:13 pmwith the auto-generated certificate, you can use hostnames or ip addresses.
if you need to get a real certificate signed by a real authority, the certificates are stored in /opt/petasan/config/certificates/ on all 3 management nodes. The same certificate should specify all 3 management node ips and hostnames.
with the auto-generated certificate, you can use hostnames or ip addresses.
if you need to get a real certificate signed by a real authority, the certificates are stored in /opt/petasan/config/certificates/ on all 3 management nodes. The same certificate should specify all 3 management node ips and hostnames.
RST
17 Posts
Quote from RST on October 5, 2020, 6:31 amHi admin,
I'm not 100% sure, but I think that it's not possible to add ip addresses to a certificate signed by a real authority.
Is there a problem if the ip addresses are not in the certificate?Thank you
Hi admin,
I'm not 100% sure, but I think that it's not possible to add ip addresses to a certificate signed by a real authority.
Is there a problem if the ip addresses are not in the certificate?
Thank you
admin
2,930 Posts
Quote from admin on October 5, 2020, 9:19 amit is probably ok to just use hostnames only, i would recommend you try to test sign certificate with similar parameters as the real one and make sure it works ok.
One more thing is you would be replacing the server.crt and server.key but do not remove the root ones, they could be used by PetaSAN in the future for S3 https certificates and possibly other services.
it is probably ok to just use hostnames only, i would recommend you try to test sign certificate with similar parameters as the real one and make sure it works ok.
One more thing is you would be replacing the server.crt and server.key but do not remove the root ones, they could be used by PetaSAN in the future for S3 https certificates and possibly other services.