Skip to main content
NetApp Knowledge Base

What are the requirements around setting custom SSL certificates in Element Software?

Views:
294
Visibility:
Public
Votes:
0
Category:
element-software
Specialty:
solidfire
Last Updated:

Applies to

  • Element Software versions 12.2 and above
  • Element Management Node (mNode)

Answer

By default, Element Software and its associated management node (mNode) are packaged with certificates meeting the requirements below as of version 12.2.

Requirements:

  • PEM encoding (x509)
  • ExtendedKeyUsage (EKU) is set (x509v3)
  • Certificate length of 2048 bits or more (this is a requirement for using for Multifactor Authentication (MFA))

The default certificates are self-signed. Custom certificates (for example, certificates signed by a third party Certificate Authority (CA)) can be installed on Element storage clusters and their accompanying mNodes provided they meet the above requirements.

Once obtained, custom certificates can be then be set via various API-driven methods on both the Element cluster and mNode. See, for instance:

Additional Information

Troubleshooting

If any of the above requirements are not in place, the SetSSLCertificate (Element) or SetNodeSSLCertificate (mNode) API will fail with an error message. See, for instance:

Related Topics

For information on using MFA with Element Software, see Where is the Element Multi-factor Authentication guide located?

For information on using FIPS with Element Software, see Enabling FIPS 140-2 for HTTPS on your cluster.

For information on Ciphers in the context of SSL on Element, see the 'TLS and SSL' section of the guide linked from Where is the HCI Hardening guide located?