About this task
This task allows the customer to secure the communication between the management tools and InfiniBox using an SSL certificate. The certificate can be either imported from a certificate authority, or created by InfiniBox. Using a self-signed certificate, eliminates the need to expose the private keys to Infinidat support.
InfiniBox validates:
- That the certificate is in PEM format
- The digital signature fits the certificate content
InfiniBox does not validate:
- The certificate trust-chain
Terminology
| Certificate | A file allowing a client to validate the identity of the server it is communicating with using information from a 3rd party CA Each certificate is signed by another certificate, creating a chain up to a parent that both sides can trust. |
| CA | Certificate Authority, a trusted 3rd party the client and server use to verify the identity of the server to the client. |
| SSL | Certificate - a certificate used to verify HTTPS servers. |
Trust Certificate (a.k.a trust chain | The set of certificates leading up to the trusted 3rd party both client and server know. |
Checking the validity of the current certificate
Click the Settings icon on the navigation tree. On the General tab, click Modify HTTPS Certificate.
The HTTPS Configuration screen opens.
The screen color scheme indicates the certificate validity:
- Black text - the certificate is valid for at least 30 days
Orange text- the certificate is valid for less than 30 days
Red text - the certificate is no longer valid
Importing a certificate to InfiniBox
You can upload either a self-signed certificate or a certificate that was approved by an external certificate authority.
The certificate file is validated for:
- Format - the certificate has to be in PEM format only
- Integrity - the certificate digital signature has to match the certificate file content (this validation assures that the certificate file was not hampered anywhere down the trust chain)
- Click the Settings icon on the navigation tree. On the General tab, click Configure HTTPS.
The HTTPS Configuration screen opens. - Click either:
- Upload certificate
- Upload signed CSR - for a self-signed certificate
- Browse to the certificate file and click Select.
- Click Modify.
- The certificate file is uploaded
- The certificate file is validated
Removing a certificate
When the certificate is removed from InfiniBox, the connection between the GUI and InfiniBox is no longer secured.
- Click the Settings icon on the navigation tree. On the General tab, click Configure HTTPS.
The HTTPS Configuration screen opens. - Click either:
- Download CSR
- Remove certificate
- Click Modify.
InfiniShell instructions
config.system.ssl_certificate.upload- sets the SSL certificate for the systemconfig.system.ssl_certificate.create_csr- creates a Certificate Sign Request (CSR) file. This file includes only the public key and is a more secure method of generating a certificate.config.system.ssl_certificate.upload_signed_csr- sets the certificate using a signed CSR fileconfig.system.ssl_certificate.clear- clears the existing SSL certificate and replaces it with a self-signed certificateconfig.system.certificate.query- displays a list of the certificate that are currently in use. The screen color scheme indicates the certificate validity (see above)
Returned HTTP code
The redirection returns HTTP code 307.
Last edited: 2021-03-07 16:37:46 UTC
Comments