- Element Software versions 12.2 and above
- Element Management Node (mNode)
By default, Element Software and its associated management node (mNode) are packaged with certificates meeting the requirements below as of version 12.2.
- PEM encoding (x509)
- ExtendedKeyUsage (EKU) is set (x509v3)
- Certificate length of 2048 bits or more (this is a requirement for using Multifactor Authentication (MFA))
The default certificates are self-signed. Custom certificates (for example, certificates signed by a third-party Certificate Authority (CA)) can be installed on Element storage clusters and their accompanying mNodes, provided they meet the above requirements.
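A custom certificate can be checked against the three requirements above before it is submitted to the cluster or mNode. The following is an added example using the openssl CLI, not NetApp tooling; the function name `check_element_cert` and its optional minimum-bits argument are hypothetical, and "certificate length" is assumed to mean the public key size that openssl reports.

```shell
#!/bin/sh
# Added example: pre-flight check of a certificate file against the three
# requirements listed above, using the openssl CLI.
# check_element_cert and its min-bits argument are hypothetical names.
# Assumption: "certificate length" is read as the public key size shown by
# `openssl x509 -text` (RSA keys).

check_element_cert() {
    cec_file=$1
    cec_min=${2:-2048}
    cec_rc=0

    # Requirement 1: PEM encoding (x509). OpenSSL 3 may auto-detect DER input,
    # so look for the PEM header before asking openssl to parse the file.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cec_file" ||
       ! openssl x509 -in "$cec_file" -noout 2>/dev/null; then
        echo "FAIL: $cec_file is not a PEM-encoded X.509 certificate"
        return 1
    fi
    echo "OK:   PEM-encoded X.509 certificate"
    cec_text=$(openssl x509 -in "$cec_file" -noout -text)

    # Requirement 2: the x509v3 ExtendedKeyUsage extension is set.
    if printf '%s\n' "$cec_text" | grep -q 'X509v3 Extended Key Usage'; then
        echo "OK:   ExtendedKeyUsage is set"
    else
        echo "FAIL: ExtendedKeyUsage is not set"
        cec_rc=1
    fi

    # Requirement 3: 2048 bits or more.
    cec_bits=$(printf '%s\n' "$cec_text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ "${cec_bits:-0}" -ge "$cec_min" ]; then
        echo "OK:   key size is $cec_bits bits"
    else
        echo "FAIL: key size is ${cec_bits:-unknown} bits, need $cec_min or more"
        cec_rc=1
    fi
    return "$cec_rc"
}

# Run the check when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_element_cert "$@"
    exit $?
fi
```

The function returns non-zero if any requirement is unmet, so it can gate a script that goes on to call the certificate-setting API.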
Once obtained, custom certificates can then be set via various API-driven methods on both the Element cluster and mNode. See, for instance:
If any of the above requirements are not in place, the SetSSLCertificate (Element) or SetNodeSSLCertificate (mNode) API will fail with an error message. See, for instance:
For information on using MFA with Element Software, see Where is the Element Multi-factor Authentication guide located?
For information on using FIPS with Element Software, see Enabling FIPS 140-2 for HTTPS on your cluster.
For information on Ciphers in the context of SSL on Element, see the 'TLS and SSL' section of the guide linked from Where is the HCI Hardening guide located?