1. INFINIDAT Support
  2. InfiniBox
  3. InfiniBox Management Consoles
Communicating with InfiniBox using an SSL certificate

Follow

About this task

This task allows the customer to secure the communication between the management tools and InfiniBox using an SSL certificate. The certificate can be either imported from a certificate authority, or created by InfiniBox. Using a self-signed certificate, eliminates the need to expose the private keys to Infinidat support.

InfiniBox validates:

  • That the certificate is in PEM format
  • The digital signature fits the certificate content

InfiniBox does not validate:

  • The certificate trust-chain

Terminology

CertificateA file allowing a client to validate the identity of the server it is communicating with using information from a 3rd party CA
Each certificate is signed by another certificate, creating a chain up to a parent that both sides can trust.
CACertificate Authority, a trusted 3rd party the client and server use to verify the identity of the server to the client.
SSLCertificate - a certificate used to verify HTTPS servers.

Trust Certificate

(a.k.a trust chain

The set of certificates leading up to the trusted 3rd party both client and server know.

Checking the validity of the current certificate

Click the Settings icon on the navigation tree. On the General tab, click Modify HTTPS Certificate.
The HTTPS Configuration screen opens.


The screen color scheme indicates the certificate validity:

  • Black text - the certificate is valid for at least 30 days  

  • Orange text- the certificate is valid for less than 30 days

  • Red text - the certificate is no longer valid

Importing a certificate to InfiniBox

You can upload either a self-signed certificate or a certificate that was approved by an external certificate authority.

The certificate file is validated for:

  • Format - the certificate has to be in PEM format only
  • Integrity - the certificate digital signature has to match the certificate file content (this validation assures that the certificate file was not hampered anywhere down the trust chain)
  1. Click the Settings icon on the navigation tree. On the General tab, click Configure HTTPS.
    The HTTPS Configuration screen opens.
  2. Click either:
    • Upload certificate
    • Upload signed CSR - for a self-signed certificate
  3. Browse to the certificate file and click Select
  4. Click Modify
    1. The certificate file is uploaded
    2. The certificate file is validated 

Removing a certificate

When the certificate is removed from InfiniBox, the connection between the GUI and InfiniBox is no longer secured.

  1. Click the Settings icon on the navigation tree. On the General tab, click Configure HTTPS.
    The HTTPS Configuration screen opens.
  2. Click either:
    1. Download CSR
    2. Remove certificate
  3. Click Modify.

InfiniShell instructions 

  • config.system.ssl_certificate.upload - sets the SSL certificate for the system
  • config.system.ssl_certificate.create_csr -  creates a Certificate Sign Request (CSR) file. This file includes only the public key and is a more secure method of generating a certificate.
  • config.system.ssl_certificate.upload_signed_csr - sets the certificate using a signed CSR file
  • config.system.ssl_certificate.clear - clears the existing SSL certificate and replaces it with a self-signed certificate

  • config.system.certificate.query - displays a list of the certificate that are currently in use. The screen color scheme indicates the certificate validity (see above)

Returned HTTP code

The redirection returns HTTP code 307.



Print Friendly and PDF Download PDF
Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Comments