Requesting and installing a new signed certificate

If your current signed certificate expires or is about to expire, you can request a new signed certificate from a certificate authority.

Note: Changing the system certificate changes the trust that any configured key servers have in the cluster. Reestablish key server trust in the cluster by exporting the cluster certificate to the key servers.

In the management GUI, select Settings > Security > Secure communications and select signed certificate and complete the form to create a request for a signed certificate for your system. After you receive the certificate from the certificate authority, use this panel to install the certificate on the system.

  1. In the command-line interface, enter the following command to create a new certificate request:
    chsystemcert -mkrequest -keytype ecdsa521 -country GB -state Hampshire -locality Hursley -org MYCO -orgunit Storage -commonname svcsystem1.myco.com -email admin@myco.com
    The certificate request is automatically written to /dumps/certificate.csr.
  2. Use secure copy (scp) to copy the file /dumps/certificate.csr from the system and send this file to a certificate authority (CA) to sign. The certificate authority returns a signed certificate. After you receive the certificate, use scp to copy the certificate back onto the system in the file /dumps/certificate.cer, where certificate.cer is the name of the certificate.
  3. After you copy the certificate to the system, enter the following command to install the certificate on the system.
    chsystemcert -install -file /dumps/certificate.cer