Configuring HPE Ezmeral Data Fabric for HTTPS Upload to S3
Describes how to validate and trust security certificates to permit files to be uploaded to Amazon S3.
About this task
By default, HPE Ezmeral Data Fabric only trusts its own self-signed certificates. To configure HPE Ezmeral Data Fabric to trust the certificates used by AWS S3 for HTTPS upload, you must configure additional trusted certificates. Add one of the following to the /opt/mapr/conf/ssl_truststore file on every node in the cluster:
- The actual certificate used by the S3 endpoints you are using
- A signer of the actual certificate used by the S3 endpoints you are using
- A certificate higher in the trust chain that ultimately does sign the certificate for the S3 endpoint
NOTE: Currently, the root certificate used by AWS S3 is the Baltimore CyberTrust root certificate provided by Digicert.
The following instructions are based on the assumption that you are adding the root certificate (known as the Baltimore CyberTrust root) provided by Digicert with a fingerprint of D4DE20D05E66FC53FE1A50882C78DB2852CAE474 and an expiration date of May 12, 2025. You can also add other certificates to the truststore.
Procedure
- Download the Baltimore CyberTrust root certificate from the URL specified by Digicert, as in the following example:
    cd /tmp
    wget https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt
- Add the certificate to the HPE Ezmeral Data Fabric truststore.
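Between the download and the truststore import, the downloaded file can be checked against the fingerprint quoted above, so that only the expected root is trusted. The following script is an added example, not part of the HPE procedure. Its function names are hypothetical, and it treats the 40-hex-digit fingerprint as SHA-1 over the certificate's DER encoding.

```shell
#!/bin/sh
# Added example: check a downloaded CA certificate against a published
# SHA-1 fingerprint before trusting it. Function names are hypothetical.

# Fingerprint quoted on this page for the Baltimore CyberTrust root.
EXPECTED_FP="D4DE20D05E66FC53FE1A50882C78DB2852CAE474"

# Print the SHA-1 fingerprint (uppercase hex, no colons) of a certificate.
# The fingerprint is the hash of the DER bytes, so a PEM file is decoded first.
cert_sha1_fingerprint() {
    file=$1
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
        # PEM: take the first certificate's base64 body and decode it to DER
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$file" \
            | sed '/-----END CERTIFICATE-----/q' \
            | grep -v -- '-----' | tr -d ' \r\n' | base64 -d
    else
        cat "$file"    # already DER
    fi | sha1sum | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Return 0 only when the file's fingerprint equals the expected value.
# The expected value may be written with colons, spaces or lowercase hex.
verify_cert_fingerprint() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    got=$(cert_sha1_fingerprint "$1")
    if [ "$got" = "$want" ]; then
        echo "OK: $1 fingerprint $got"
    else
        echo "MISMATCH: $1 has $got, expected $want" >&2
        return 1
    fi
}

# Usage: sh verify_ca.sh /tmp/BaltimoreCyberTrustRoot.crt [fingerprint]
if [ "$#" -ge 1 ]; then
    verify_cert_fingerprint "$1" "${2:-$EXPECTED_FP}" || exit 1
fi
```

A non-zero exit means the file should not be added to the truststore on any node.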