Configuring custom server certificates for storage API endpoints

You can replace the default object storage API service endpoint server certificates with a single custom server certificate that is specific to your organization.

About this task

API service endpoints on Storage Nodes are secured and identified by X.509 server certificates. By default, every Storage Node is issued a certificate signed by the grid CA. These CA signed certificates can be replaced by a single common custom server certificate and corresponding private key.

You need to complete configuration on the server, and depending on the root Certificate Authority (CA) you are using, users might also need to install the root CA certificate in the in the API client they will use to access the system.

Steps

  1. Select Configuration > Server Certificates.
  2. In the Object Storage API Service Endpoints Server Certificate section, click Install Custom Certificate.
  3. Upload the required server certificate files:
    • Server Certificate: The custom server certificate file (.crt).
    • Server Certificate Private Key: The custom server certificate private key file (.key).
    • CA Bundle: A single file containing the certificates from each intermediate issuing Certificate Authority (CA). The file should contain each of the PEM-encoded CA certificate files, concatenated in certificate chain order.
  4. Click Save.
    The custom server certificates are used for all subsequent new API client connections.
  5. Refresh the page to ensure the web browser is updated.