Configuring StorageGRID certificates for ONTAP clients using FabricPool

For S3 clients that perform strict hostname validation and do not support disabling strict hostname validation, such as ONTAP clients using FabricPool, you can generate or upload a server certificate using the Grid Manager.

Before you begin

About this task

The Grid Manager allows you to generate a self-signed server certificate or to upload a certificate that is signed by a known Certificate Authority (CA). In production environments, you should use a certificate that is signed by a known Certificate Authority (CA). Certificates signed by a CA can be rotated non-disruptively. They are also more secure because they provide better protection against man-in-the-middle attacks.

The following steps provide general guidelines for S3 clients that use FabricPool. For more detailed information and procedures, see the topics about high availability groups and load balancing.

Procedure

  1. Optionally, you can configure a high availability (HA) group for the FabricPool to use.
  2. Choose one of the following approaches:
    • Recommended: Configure a Load Balancer endpoint for the FabricPool to use.

      Follow the instructions for configuring endpoints for the Load Balancer service.

    • Configure a server certificate and connect the FabricPool to the Storage Nodes or to the CLB service.

      See the instructions for configuring server certificates. See the information about the CLB service.

      Note: The CLB service is deprecated.