Adding administrator client certificates

To add a client certificate, you can provide your own certificate or generate one using the Grid Manager.

Before you begin

Procedure

  1. In the Grid Manager, select Configuration > Access Control > Client Certificates.
    The Client Certificates page appears.
    Certificates Page - Admin Clients
  2. Select Add.
    The Upload Certificate page appears.
    Certificate -Admin - Upload
  3. Type a name between 1 and 32 characters for the certificate.
  4. To access Prometheus metrics using your external monitoring tool, select the Allow Prometheus check box.
  5. Upload or generate a certificate.
    • To upload a certificate, go to step 6.
    • To generate a certificate, go to step 7.
  6. To upload a certificate:
    1. Select Upload Client Certificate.
    2. Browse for the public key for the certificate.
      After you upload the public key for the certificate, the Certificate metadata and Certificate PEM fields are populated.
      Certificate - Admin - Upload Cert File
    3. Select Copy certificate to clipboard and paste the certificate to your external monitoring tool.
    4. Use an editing tool to copy and paste the private key to your external monitoring tool.
    5. Select Save to save the certificate in the Grid Manager.
  7. To generate a certificate:
    1. Select Generate Client Certificate.
    2. Enter the domain name or IP address of the Admin Node.
    3. Optionally, enter an X.509 subject, also referred to as the Distinguished Name (DN), to identify the administrator who owns the certificate.
    4. Optionally, select the number of days the certificate is valid. The default is 730 days.
    5. Select Generate.
      The Certificate metadata, Certificate PEM, and Certificate private key fields are populated.
      Certificate - Admin - Upload Generated
    6. Select Copy certificate to clipboard and paste the certificate to your external monitoring tool.
    7. Select Copy private key to clipboard and paste the key to your external monitoring tool.
      Attention: You will not be able to view the private key after you close the dialog box. Copy the key to a safe location.
    8. Select Save to save the certificate in the Grid Manager.
  8. Configure the following settings on your external monitoring tool, such as Grafana.
    A Grafana example is shown in the following screenshot:
    Grafana - Add URL and Auth
    1. Name: Enter a name for the connection.
      StorageGRID does not require this information, but you must provide a name to test the connection.
    2. URL: Enter the domain name or IP address for the Admin Node. Specify HTTPS and port 9091.
      For example: https://admin-node.example.com:9091
    3. Enable TLS Client Authorization and With CA Cert.
    4. Copy and paste the Management Interface Server Certificate or CA bundle to CA Cert under TLS/SSL Auth Details.
    5. ServerName: Enter the domain name of the Admin Node.
      ServerName must match the domain name as it appears in the Management Interface Server Certificate.
    6. Save and test the certificate and private key that you copied from StorageGRID or a local file.

      You can now access the Prometheus metrics from StorageGRID with your external monitoring tool.

      For information about the metrics, see the instructions for monitoring and troubleshooting StorageGRID.