본문 바로가기
EMC

isilon certificate update(인증서 갱신)

Bellus7 2025. 7. 24. 14:22

1️⃣ 인증서 확인

 

# isi certificate server list
# isi certificate server view 0e1ce7c


< Subject, Issuer 체크>

     Subject: C=US, ST=Washington, L=Seattle, O="Isilon Systems, Inc.", OU=Isilon Systems, CN=Isilon Systems, emailAddress=support@isilon.com
      Issuer: C=US, ST=Washington, L=Seattle, O="Isilon Systems, Inc.", OU=Isilon Systems, CN=Isilon Systems, emailAddress=support@isilon.com

 

2️⃣ 인증서 갱신

 

#1. 작업 디렉토리 생성

# mkdir /ifs/local
# cd /ifs/local

 

#2. 인증서-키 복사

# cp /usr/local/apache2/conf/ssl.key/server.key

 

#3. 새로운 인증서 생성

# openssl req -new -days 730 -nodes -x509 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) []:Seattle
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Isilon Systems, Inc.
Organizational Unit Name (eg, section) []:Isilon Systems
Common Name (e.g. server FQDN or YOUR name) []:Isilon Systems
Email Address []:support@isilon.com

 

 

#4. 새로운 인증서 확인

# openssl x509 -text -noout -in server.crt

 

3️⃣ 인증서 변경

#1. 새로운 인증서 추가

# isi certificate server import /ifs/server.crt /ifs/server.key

 

#2. 인증서 추가 확인

# isi certificate server list -v

 

#3. 신규 인증서 디폴트 설정

# isi certificate settings modify --default-https-certificate=<id_of_cert_to_set_as_default>
# isi certificate settings modify --default-https-certificate=daa2925

 

#4. 디폴트 설정 확인

# isi certificate settings view

(list의 name과 헷갈리지 말것)

 

#5. 미사용 인증서 제거

# isi certificate server delete --id=<id_of_cert_to_delete>
# isi certificate server delete --id=0e1ce7c

 

 

4️⃣ port '8081/8083'에서 새 인증서 사용

# isi services -a isi_webui disable
# chmod 640 server.key
# chmod 640 server.crt
# isi_for_array -s 'cp /ifs/local/server.key /usr/local/apache2/conf/ssl.key/server.key'
# isi_for_array -s 'cp /ifs/local/server.crt /usr/local/apache2/conf/ssl.crt/server.crt'
# isi services -a isi_webui enable

=> 작업 후 OneFS WebUI가 Open 될때까지 5분정도 기다림

 

출처

https://www.dell.com/support/kbdoc/ko-kr/000157711/powerscale-onefs-isilon-%EC%9B%B9-%EA%B4%80%EB%A6%AC-%EC%9D%B8%ED%84%B0%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9D%98-ssl-%EC%9D%B8%EC%A6%9D%EC%84%9C-%EA%B5%90%EC%B2%B4-%EB%98%90%EB%8A%94-%EA%B0%B1%EC%8B%A0

'EMC' 카테고리의 다른 글

isilon Gen6 onefs 8.1.x.x Battery test  (0) 2025.08.01
ISILON Cluster 에서 서로 다른 type에 노드 ADD  (2) 2025.07.24
isilon Cluster reimage 방법  (3) 2025.07.24
isilon 보안 설정  (0) 2025.07.24
isilon node 간 ssh 접속 안될 시  (0) 2025.07.24

'EMC' Related Articles

티스토리툴바