Get started
Configuring StorageGRID certificates for FabricPool
Suggest changes
-
PDF of this doc site
-
Install and upgrade software
-
Install and maintain hardware
-
SG5700 storage appliances
-
SG5600 storage appliances
-
-
Configure and manage
-
Administer StorageGRID
-
-
Use StorageGRID
-
Monitor and troubleshoot
-
Monitor a StorageGRID system
-
-
Collection of separate PDF docs
Creating your file...
For S3 clients that perform strict hostname validation and do not support disabling strict hostname validation, such as ONTAP clients using FabricPool, you can generate or upload a server certificate when you configure the load balancer endpoint.
-
You must have specific access permissions.
-
You must be signed in to the Grid Manager using a supported browser.
When you create a load balancer endpoint, you can generate a self-signed server certificate or upload a certificate that is signed by a known Certificate Authority (CA). In production environments, you should use a certificate that is signed by a known CA. Certificates signed by a CA can be rotated non-disruptively. They are also more secure because they provide better protection against man-in-the-middle attacks.
The following steps provide general guidelines for S3 clients that use FabricPool. For more detailed information and procedures, see the instructions for configuring StorageGRID for FabricPool.
|
The separate Connection Load Balancer (CLB) service on Gateway Nodes is deprecated and no longer recommended for use with FabricPool. |
-
Optionally, configure a high availability (HA) group for FabricPool to use.
-
Create an S3 load balancer endpoint for FabricPool to use.
When you create an HTTPS load balancer endpoint, you are prompted to upload your server certificate, certificate private key, and CA bundle.
-
Attach StorageGRID as a cloud tier in ONTAP.
Specify the load balancer endpoint port and the fully qualified domain name used in the CA certificate you uploaded. Then, provide the CA certificate.
If an intermediate CA issued the StorageGRID certificate, you must provide the intermediate CA certificate. If the StorageGRID certificate was issued directly by the Root CA, you must provide the Root CA certificate.