Verify the object certificate

You can retrieve the installed object certificate using the ECS Management REST API.

Before you begin

  • Ensure that you have authenticated with the ECS Management REST API and stored the token in a variable ($TOKEN). See Authenticate with the ECS Management REST API.
  • If you have restarted services, the certificate will be available immediately. Otherwise, you need to wait two hours to be sure that the certificate has propagated to all nodes.


  1. Use the GET /object-cert/keystore method to return the certificate.
    Using the curl tool, the method can be run by typing the following:
    curl -svk -H "X-SDS-AUTH-TOKEN: $TOKEN" https://x.x.x.x:4443/object-cert/keystore
    Using the ECS command line interface (
    python keystore show -hostname <ecs_host_ip> -port 4443 -cf <cookiefile>
  2. You can verify the certificate using openssl on all nodes.
    openssl s_client -showcerts -connect <node_ip>:<port>
    Ports are: S3: 9021, Atmos: 9023, Swift: 9025
    openssl s_client -showcerts -connect
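
The per-node check in step 2 can be scripted so that a node still serving the old certificate during the propagation window stands out. The following is an added example, not part of the ECS documentation or tooling: the function names are hypothetical, and the expected SHA-256 fingerprint is assumed to have been computed by the operator from the certificate returned in step 1.

```bash
#!/usr/bin/env bash
# Added example: flag ECS nodes whose object ports do not yet serve the
# expected certificate. Function names are hypothetical.

PORTS="9021 9023 9025"   # S3, Atmos, Swift (ports listed on this page)

# Print the SHA-256 fingerprint of the leaf certificate served at host:port.
served_fingerprint() {
    # </dev/null closes stdin so s_client exits once the handshake is done
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2
}

# Probe every node on every object port; emit "node port fingerprint".
# The fingerprint field is empty when no certificate could be read.
scan_nodes() {
    for node in "$@"; do
        for port in $PORTS; do
            echo "$node $port $(served_fingerprint "$node" "$port")"
        done
    done
}

# Read "node port fingerprint" lines on stdin and print each endpoint whose
# fingerprint differs from the expected one ($1) or is missing.
# Returns 0 when every endpoint matches, 1 otherwise.
find_stale() {
    awk -v want="$1" '
        $3 != want { printf "%s:%s %s\n", $1, $2, ($3 == "" ? "NO-CERT" : $3); bad = 1 }
        END { exit bad + 0 }'
}

# Usage: <script> <expected_sha256_fingerprint> <node_ip>...
if [ "$#" -ge 2 ]; then
    expected=$1; shift
    scan_nodes "$@" | find_stale "$expected" &&
        echo "all nodes serve the expected certificate"
fi
```

Endpoints printed by find_stale are the ones to re-check after the two-hour propagation window or after a service restart.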