• No results found

CTERA Portal Datacenter Edition

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CTERA Portal Datacenter Edition"

Copied!
16
0
0

Loading.... (view fulltext now)

Download now ( 16 Page )

Full text

(1)

© 2013, CTERA Networks. All rights reserved.

Installing a Security

Certificate on the CTERA

Portal

CTERA Portal

Datacenter Edition

Aug 2013

Versions 3.2, 4.0

(2)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 2

Certificates are used as part of the Transport Level Security (TLS) protocol. They enable users' Web browsers, CTERA appliances, and CTERA Agents to verify that the CTERA Portal server with which they are communicating is authentic and not spoofed. If the CTERA Portal does not have a valid certificate installed, CTERA appliances and CTERA Agents will not be able to connect to it.

This document describes the necessary steps for installing a certificate on the CTERA Portal:

1 View the CTERA Portal's DNS Suffix (page 3) 2 Obtain an SSL Certificate (page 5)

3 Generate a Certificate Signing Request for Your Domain (page 7) 4 Sign the Certificate Request (page 11)

5 Validate and Prepare Certificates for Upload (page 13) 6 Install the Signed Certificate on CTERA Portal (page 15)

1

Introduction

(3)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 3

1 Log in to the CTERA Portal.

2 In the status bar, in the Portal drop-down list, select Administration.

The Global Administration View appears displaying the Main > Dashboard page.

3 In the navigation pane, click Settings > Global Settings.

2

View the CTERA Portal's DNS Suffix

(4)

2 View the CTERA Portal's DNS Suffix

4 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

The Settings > Global Settings page appears.

The DNS Suffix field displays the CTERA Portal's DNS suffix.

Tip

This document assumes that your CTERA Portal uses the following DNS suffix:

ctera.com

(5)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 5

It is necessary to obtain a valid certificate signed either by a well-known certificate authority, or by your own internal certificate authority.

Tip

If you intend to generate a signed certificate using your own internal certificate authority, please contact CTERA Support at http://www.ctera.com/support beforehand.

The SSL certificate can be either of the following:

A wildcard certificate

A wildcard SSL certificate secures your website's URL and an unlimited number of its subdomains. For example, a single wildcard certificate for *.ctera.com can secure both company01.ctera.com and company02.ctera.com.

A wildcard certificate is mandatory, if you plan for your service to consist of more than one virtual portal.

A domain certificate

A domain certificate secures a single domain or subdomain only. For example:

company01.ctera.com.

3

Obtain an SSL Certificate

(6)

3 Obtain an SSL Certificate

6 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

This option is relevant if you are planning to provision a single virtual portal only.

Tip

To obtain a self-signed certificate for testing and evaluation purposes only, contact CTERA Support at http://www.ctera.com/support and specify your CTERA Portal's DNS suffix (which you viewed in View the CTERA Portal's DNS Suffix (page 3)). CTERA will generate a self-signed certificate for your DNS suffix and provide you with a ZIP file that you can upload to your CTERA Portal environment.

Tip

The CTERA Portal also supports certificates with Subject Alternative Names (SAN certificates). This option enables you to secure multiple domain names with a single certificate.

(7)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 7

Once you have obtained your DNS suffix, you need to generate a certificate signing request (CSR) for your domain using CTERA Portal. This requires a CTERA Portal Administrator account.

1 Log in to the CTERA Portal using your Administrator account.

2 In the status bar, in the Portal drop-down list, select Administration.

The Global Administration View appears displaying the Main > Dashboard page.

3 In the navigation pane, click Settings > SSL Certificate.

The Settings > SSL Certificate page appears.

4 Click Request Certificate.

4

Generate a Certificate Signing

Request for Your Domain

(8)

4 Generate a Certificate Signing Request for Your Domain

8 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

The Create a Certificate Request Wizard opens.

In the Domain Name field, type the domain name for which you would like to request a certificate.

The value entered must match the type of certificate you chose to use. For example, if you chose a wildcard certificate, the domain name might be *.acme.com.

(9)

Generate a Certificate Signing Request for Your Domain 4

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 9

In contrast, if you chose a domain certificate, the domain name might be company01.acme.com, where company01 is the name of your virtual portal.

5 Complete the rest of the fields.

These fields are optional.

6 Click Generate.

A keypair is generated and stored on the portal.

The Download a certificate request screen appears.

7 Click Download.

The certificate request file certificate.req is downloaded to your computer.

(10)

4 Generate a Certificate Signing Request for Your Domain

10 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

The Settings > SSL Certificate page's Certificate Request area indicates that the certificate request is pending.

If you issued a wildcard certificate request, the area appears as follows:

If you issued a domain certificate request, the area appears as follows:

Warning

When you generated the CSR, a private.key file was registered in the CTERA Portal. If you now generate a new CSR, it will override the existing private.key file, and signing the old CSR will result in an error message indicating that the CSR does not match the private.key file. Therefore, do not generate a new CSR before installing the signed certificate.

(11)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 11

1 Send the certificate.req file you generated to your certificate authority for signing.

If the request is successful, the certificate authority will send back an identity certificate that is digitally signed with the certificate authority's private key.

Tip

The certificate authority should return a base-64 encoded identity certificate.

2 Open the identity certificate and verify that the Issued to field includes the DNS suffix you provided upon creating the certificate request.

3 Build a certification chain from your identity certificate to your trusted root certificate.

In order to do this, you will need to obtain all of the intermediate certificates, as well as your root certificate authority's self-signed certificate.

If you are using a well-known certificate authority, the intermediate certificates and the root certificate authority's self-signed certificate can be downloaded from your certificate authority website. If you are using your own internal certificate authority, contact the necessary entity to provide you with the required intermediate and self-signed certificate.

5

Sign the Certificate Request

(12)

5 Sign the Certificate Request

12 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

In the above example, the certificate was issued by "Go Daddy Secure Certification Authority" to "*.ctera.com". In order to build the certification chain, it is necessary to obtain a certificate issued to "Go Daddy Secure Certification Authority".

This certificate was issued by "Go Daddy Class 2 Certification Authority" to " Go Daddy Secure Certification Authority". In order to continue the certification chain, it is necessary to obtain a certificate issued to "Go Daddy Class 2 Certification Authority".

Since this last certificate is a self-signed certificate, (that is, it was issued to and by the same entity), the certification chain is complete.

(13)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 13

1 Verify that none of the certificates in the certificate chain are corrupted or using invalid encoding.

To do so, open each certificate in a program such as Notepad or Word, and verify that it contains the following:

--- BEGIN CERTIFICATE --- CERTIFICATE CONTENT

--- END CERTIFICATE --- For example:

2 Change the identity certificate issued to "*.ctera.com" to certificate.crt. 3 Change the file extension of the other certificates in the certificate chain to "crt".

For example, certificate-name.crt .

6

Validate and Prepare Certificates for

Upload

(14)

6 Validate and Prepare Certificates for Upload

14 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

4 Archive all of the certificates (the identity certificate, the intermediary certificates, and the root self-signed certificate) in a ZIP file called certificate.zip.

For example:

(15)

CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal 15

1 Log in to the CTERA Portal using your Administrator account.

2 In the status bar, in the Portal drop-down list, select Administration.

The Global Administration View appears displaying the Main > Dashboard page.

3 In the navigation pane, click Settings > SSL Certificate.

4 Click Install Signed Certificate.

The Upload Certificate Wizard opens.

5 Click Upload and browse to the certificate.zip file you created.

The certificate is installed on the CTERA Portal.

6 Click Finish.

7 Update the certificate on the Web server, by opening an SSH session to all of the servers in your CTERA Portal deployment and running the following command:

ctera-portal-manage.sh restart CTERA Portal services are restarted.

7

Install the Signed Certificate on

CTERA Portal

(16)

7 Install the Signed Certificate on CTERA Portal

16 CTERA Portal Datacenter Edition Installing a Security Certificate on the CTERA Portal

8 Verify that the certificate updated successfully, by browsing to your CTERA Portal.

You should receive no security exception messages.

References

Download now ( PDF - 16 Page - 1.30 MB )

Related documents

CTERA Portal Datacenter Edition

For information on configuring a snapshot retention policy at the virtual portal level or the user level, refer to CTERA Portal Administrator Guide Datacenter Edition, "Adding

Cloud Attached Storage 5.0

 Sync Gateway mode allows content distribution, so that files and folders can be uploaded to a centralized location (CTERA Portal) and then automatically synchronized to remote

Release Notes. CTERA Portal May CTERA Portal Release Notes 1

 Issue resolved: A user in a team portal may not be able to access their cloud drive, receving the error message " The resource is not available".  Feature added:

CTERA Agent for Windows

The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify

Cloud Attached Storage 3.1 EA

 Securely download files from your CTERA Portal account or CTERA Cloud Attached Storage appliance and view them on your mobile devices..  View .doc, .xls, .pdf, .mp4, .zip,

Release Notes. CTERA Portal 4.0. November CTERA Portal 4.0 Release Notes 1

CTERA Portal 4.0 supports catalog nodes, which are a way of breaking up the CTERA Portal's metadata database into multiple database servers for improved scalability.. Databases

Release Notes. CTERA Portal 4.1. July CTERA Portal 4.1 Release Notes 1

In previous versions of CTERA Portal, cloud drive consisted of a single home folder per user and multiple project folders.. In contrast, in CTERA Portal 4.1 there are multiple

Cloud Attached Storage

2 Right-click on the the CTERA Agent tray icon in the notification area of the Windows taskbar, and click Restore... Backing Up and Restoring SQL Server Databases Using CTERA Agent