You can replace or renew the Secure Sockets Layer (SSL) certificate, which is used to access the EMC Isilon cluster through a browser.
Before you begin
When you renew or replace a self-signed SSL certificate, you must provide information for your organization in the format that is described in the Self-signed SSL certificate data example.
The following folders are the default locations for the
server.key files in OneFS 6.0 and higher.
- SSL certificate:
- SSL certificate key:
Establish an SSH connection to any node in the cluster.
At the command prompt, run the following command to create the appropriate directory.
At the command prompt, run the following command to change to the directory.
Choose the type of certificate you want to install.
|Third-party (public or private) CA-issued certificate
- At the command prompt, run the following command to generate a new Certificate Signing Request (CSR) in addition to a new key, where
<common_name> is the host name, such as isilon.example.com:
openssl req -new -nodes -newkey rsa:1024 -keyout <common name>.key \
- Send the contents of the
<common_name>.csr file from the cluster to your Certificate Authority (CA) for signing. When you receive the signed certificate (now a
.crt file) from the CA, copy the certificate to
|Self-signed certificate based on the existing (stock) ssl.key
- At the command prompt, run the following command to create a two-year certificate. Increase or decrease the value for
-days to generate a certificate with a different expiration date.
cp /usr/local/apache2/conf/ssl.key/server.key ./openssl req -new \/
-days 730 -nodes -x509 -key server.key -out server.crt
A renewal certificate is created, based on the existing (stock)
At the command prompt, run the following command to verify the attributes in an SSL certificate.
openssl x509 -text -noout -in <common-name>.crt
Run the following commands to install the certificate and key:
isi services -a isi_webui disable
chmod 640 <common name>.key
isi_for_array -s 'cp /ifs/local/<common-name>.key /usr/local/apache2/conf/ssl.key/server.key'
isi_for_array -s 'cp /ifs/local/<common-name>.crt /usr/local/apache2/conf/ssl.crt/server.crt'
isi services -a isi_webui enable
Run the following command to remove the files in