OceanStor 9000 V300R006C00 Security Maintenance 07

Replacing the Certificate and Private Key for Communication Between Nodes in a Cluster

Replacing the certificate and private key for communication between nodes in a cluster can ensure communication security.

Context

The certificate and private key are used for communication between nodes in a cluster. To keep communication between nodes secure, you are advised to replace the certificate and private key periodically.

To replace the certificate and private key, perform the following operations on each node.

Procedure

  1. Back up the original certificate of each node.
    1. Start PuTTY, enter the management IP address, and log in to the cluster as user omuser. The default password is Omuser@storage.
    2. Run the following command to log in to the node.

      ssh omuser@xxx.xxx.xxx.xxx

      xxx.xxx.xxx.xxx indicates the back-end IP address of a non-primary node.

      Enter and the omuser user password.

    3. Run the following commands to back up the certificate and private key.

      cd /opt/huawei/deploy/etc

      cp cluster_cert.pem cluster_cert.pem_bak

      cp cluster_key.pem cluster_key.pem_bak

  2. Use FileZilla to upload the certificate and private key to the node where the management IP address resides.
    1. In Host, enter sftp://xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is the management IP address. In Username, enter omuser. In Password, enter the password. Keep the defaults for other settings. Then, click Quickconnect.
    2. In the navigation tree on the left, select the directory that contains the file you want to upload. In the navigation tree on the right, select the directory to which you want to upload the file (/home/omuser by default). Then, drag the file from the left to the directory on the right.

      The names of the files to be uploaded must be cluster_cert.pem and cluster_key.pem. The files must be in the Privacy Enhanced Mail (PEM) format. Set a password for the private key.

      NOTE:
      The password must be 8 to 32 characters long and contain at least two of the following character types: lowercase letters, uppercase letters, digits, and special characters.

  3. Copy the certificate and private key to the /opt/huawei/deploy/etc directory of the other nodes.
    1. Start PuTTY, enter the management IP address, and log in to the cluster as user omuser. The default password is Omuser@storage.
    2. Run the following commands to copy the certificate and private key.

      scp /home/omuser/cluster_cert.pem omuser@xxx.xxx.xxx.xxx:/home/omuser/

      scp /home/omuser/cluster_key.pem omuser@xxx.xxx.xxx.xxx:/home/omuser/

      xxx.xxx.xxx.xxx indicates the back-end IP address of a non-primary node.

      Enter and the omuser user password.

    3. Run ssh omuser@xxx.xxx.xxx.xxx and enter the omuser user password to go to the node.
    4. Run su - root and enter the password of root to switch to the user root.
    5. Run the following commands to replace the encryption certificate and private key.

      cp /home/omuser/cluster_cert.pem /opt/huawei/deploy/etc/cluster_cert.pem

      cp /home/omuser/cluster_key.pem /opt/huawei/deploy/etc/cluster_key.pem

  4. Restart the node to make the new certificate and private key take effect.
  5. Repeat steps 1 to 4 to replace the certificate and private key on the other nodes.
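
The file requirements in step 2 (fixed file names, PEM format, a password-protected private key, and the password rule in the NOTE) can be checked on the workstation before the upload. The script below is an added example, not part of the Huawei document or product tooling; the function names and the way the passphrase is supplied are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Huawei tooling): structural checks
# on the replacement files before they are uploaded in step 2.

# NOTE rule: 8 to 32 characters, at least two of the four character types.
passphrase_ok() {
    _p=$1; _n=0
    [ "${#_p}" -ge 8 ] && [ "${#_p}" -le 32 ] || return 1
    case $_p in *[[:lower:]]*) _n=$((_n + 1)) ;; esac
    case $_p in *[[:upper:]]*) _n=$((_n + 1)) ;; esac
    case $_p in *[[:digit:]]*) _n=$((_n + 1)) ;; esac
    case $_p in *[![:alnum:]]*) _n=$((_n + 1)) ;; esac
    [ "$_n" -ge 2 ]
}

# The certificate file must contain a PEM certificate block.
cert_is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# The key must be PEM and password-protected: PKCS#8 encrypted, or a
# traditional PEM key carrying the "Proc-Type: 4,ENCRYPTED" header.
key_is_encrypted_pem() {
    grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" && return 0
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" &&
        grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# preflight <directory> <passphrase>: reports every failed check on stderr.
preflight() {
    _dir=$1; _rc=0
    for _f in cluster_cert.pem cluster_key.pem; do
        [ -f "$_dir/$_f" ] || { echo "missing $_dir/$_f" >&2; _rc=1; }
    done
    [ "$_rc" -eq 0 ] || return 1
    cert_is_pem "$_dir/cluster_cert.pem" ||
        { echo "cluster_cert.pem: no PEM certificate block" >&2; _rc=1; }
    key_is_encrypted_pem "$_dir/cluster_key.pem" ||
        { echo "cluster_key.pem: not a password-protected PEM key" >&2; _rc=1; }
    passphrase_ok "$2" ||
        { echo "passphrase: must be 8-32 characters, two character types" >&2; _rc=1; }
    return "$_rc"
}

# Stand-alone use: one argument (the directory); passphrase is read from stdin.
if [ "$#" -eq 1 ]; then
    IFS= read -r _pw
    preflight "$1" "$_pw"
fi
```

These checks are structural only: they do not confirm that the private key belongs to the certificate or that the passphrase actually decrypts the key.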
Updated: 2019-04-28

Document ID: EDOC1000122530
