You can retrieve the installed object certificate using the ECS Management REST API.
Before you begin
- Ensure that you have authenticated with the ECS Management REST API and stored the token in a variable ($TOKEN). See
Authenticate with the ECS Management REST API.
- If you have restarted services, the certificate will be available immediately. Otherwise, you need to wait two hours to be sure that the certificate has propagated to all nodes.
Procedure
-
Use the
GET /object-cert/keystore method to return the certificate.
Using the curl tool, the method can be run by typing the following:
curl -svk -H "X-SDS-AUTH-TOKEN: $TOKEN" https://x.x.x.x:4443/object-cert/keystore
Using the ECS command line interface (
ecscli.py):
python ecscli.py keystore show –hostname <ecs_host_ip> -port 4443 –cf <cookiefile>
-
You can verify the certificate using
openssl on all nodes.
openssl s_client -showcerts -connect <node_ip>:<port>
Ports are: s3: 9021, Atmos: 9023, Swift: 9025
Example:
openssl s_client -showcerts -connect 10.1.2.3:9021