What are the API methods for setting custom SSL certificates on the Element mNode?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 603

Visibility:: Public

Votes:: 0

Category:: element-software

Specialty:: solidfire

Last Updated:

Applies to

Element Software versions 11.3 and above
Element Management Node (mNode) versions 11.3 and above

Answer

As of versions 11.3 and above, the following API methods can be used to view, change, or reset the SSL certificate in place on the mNode:

GetNodeSSLCertificate -- retrieve the currently-active SSL certificate on the mNode
SetNodeSSLCertificate -- set a custom SSL certificate and private key for the mNode
RemoveNodeSSLCertificate -- remove the custom SSL certificate and private key from the mNode; revert the mNode to the default certificate and private key

The text of the certificate itself will be submitted in the payload of the https POST request, in the 'privateKey' and 'certificate' parameters. There are various ways to do this, such as:

through an API tool like Postman. See How to install and configure Postman to run Element software APIs
Element Powershell Tools
through linux command-line tools such as:
- scripts which use wget or curl
- Element Python SDK

Warnings:

after changing the SSL certificate on the Element cluster itself or the management node, the management node then needs to be rebooted in order to sync up authentication between the mNode and the cluster (the cluster storage nodes do not need to be rebooted)
if the Configure Fully Qualified Domain Name web UI access has previously been applied in order to reach the cluster via FQDN, the steps therein may need to be re-applied after changing the cluster SSL certificate (check cluster access via FQDN, re-apply steps if needed)

Additional Information

The above API's are for the mNode specifically; to manage the SSL certificate on the Element cluster itself (and all storage nodes therein), the equivalent API's are:

Changing the Element software default SSL certificate