forked from docs/doc-exports
Yang, Tong
5914b67d13
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
23 lines
7.2 KiB
HTML
23 lines
7.2 KiB
HTML
<a name="admin_guide_000157"></a><a name="admin_guide_000157"></a>
|
|
|
|
<h1 class="topictitle1">Importing a Certificate</h1>
|
|
<div id="body1529658735915"><div class="section" id="admin_guide_000157__sc966349c08c44723996237c6b7e403d1"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000157__en-us_topic_0046736695_p27451669">CA certificates are used to encrypt data during communication between <span id="admin_guide_000157__text15946118176">MRS</span> Manager modules and between cluster component clients and servers to ensure security. CA certificates can be quickly imported to <span id="admin_guide_000157__text1648722965413">MRS</span> Manager for product security. Import CA certificates in following scenarios:</p>
|
|
<ul id="admin_guide_000157__en-us_topic_0046736695_ul45738436"><li id="admin_guide_000157__en-us_topic_0046736695_li8992740">When the cluster is installed for the first time, you need to replace the enterprise certificate.</li><li id="admin_guide_000157__en-us_topic_0046736695_li13825799">If the enterprise certificate has expired or security hardening is required, you need to replace it with a new certificate.</li></ul>
|
|
</div>
|
|
<div class="section" id="admin_guide_000157__sfc16142de0954095bb08beec3e7e3f69"><h4 class="sectiontitle">Impact on the System</h4><ul id="admin_guide_000157__ul16267104572013"><li id="admin_guide_000157__li5266245112010">During certificate replacement, the cluster needs to be restarted. In this case, the system becomes inaccessible and cannot provide services.</li><li id="admin_guide_000157__li22671645192017">After the certificate is replaced, the certificates used by all components and <span id="admin_guide_000157__text8549143215543">MRS</span> Manager modules are automatically updated.</li><li id="admin_guide_000157__li4267104542018">After the certificate is replaced, you need to reinstall the certificate in the local environment where the certificate is not trusted.</li></ul>
|
|
</div>
|
|
<div class="section" id="admin_guide_000157__s8828bdb45e314ce3bb2677947c8fc392"><h4 class="sectiontitle">Prerequisites</h4><ul id="admin_guide_000157__ul4185191213490"><li id="admin_guide_000157__li21853125490">You have generated the certificate file and key file or obtained them from the enterprise certificate administrator. </li><li id="admin_guide_000157__en-us_topic_0046736695_li36197244">You have obtained the files to be imported to the cluster, including the CA certificate file (<strong id="admin_guide_000157__b469602920220">*.crt</strong>), key file (<strong id="admin_guide_000157__b1214333122211">*.key</strong>), and file that saves the key file password (<strong id="admin_guide_000157__b192711615236">password.property</strong>). The certificate name and key name can contain uppercase letters, lowercase letters, and digits. After the preceding files are generated, compress them into a TAR package.</li><li id="admin_guide_000157__en-us_topic_0046736695_li57339740">You have obtained a password for accessing the key file, for example, <strong id="admin_guide_000157__b775518408440">Userpwd@123</strong>.<p id="admin_guide_000157__en-us_topic_0046736695_p46295617">To avoid potential security risks, the password must meet the following complexity requirements:</p>
|
|
<ul id="admin_guide_000157__en-us_topic_0046736695_ul14007370"><li id="admin_guide_000157__en-us_topic_0046736695_li58957474">It must contain at least eight characters.</li><li id="admin_guide_000157__en-us_topic_0046736695_li60855225">It must contain at least four of the following character types: uppercase letters, lowercase letters, digits, and special characters ~`!?,.:;-_'(){}[]/<>@#$%^&*+|\=.</li></ul>
|
|
</li><li id="admin_guide_000157__en-us_topic_0046736695_li10826121">When applying for certificates from the certificate administrator, you have provided the password for accessing the key file and applied for the certificate files in CRT, CER, CERT, and PEM formats and the key files in KEY and PEM formats. The requested certificates must have the issuing function.</li></ul>
|
|
</div>
|
|
<div class="section" id="admin_guide_000157__section2053565583820"><h4 class="sectiontitle">Procedure</h4><ol id="admin_guide_000157__en-us_topic_0046736695_ol4500571"><li id="admin_guide_000157__en-us_topic_0046736695_li62404399"><span>Log in to <span id="admin_guide_000157__text271833419543">MRS</span> Manager and choose <strong id="admin_guide_000157__b845023435112">System</strong> > <strong id="admin_guide_000157__b424223765114">Certificate</strong>.</span></li><li id="admin_guide_000157__en-us_topic_0046736695_li21591587"><span>Click <span><img id="admin_guide_000157__image11371122435615" src="en-us_image_0000001392574046.png"></span> on the right of <strong id="admin_guide_000157__b1445173185215">Upload Certificate</strong>. In the file selection window, browse to select the obtained TAR package of the certificate files.</span></li><li id="admin_guide_000157__li386074705419"><span>Click <strong id="admin_guide_000157__b12860174716540">Upload</strong>.</span><p><p id="admin_guide_000157__p54991149155415">Manager uploads the compressed package and automatically imports the package.</p>
|
|
</p></li><li id="admin_guide_000157__en-us_topic_0046736695_li60106559"><span>After the certificate is imported, the system displays a message asking you to synchronize the cluster configuration and restart the web service for the new certificate to take effect. Click <strong id="admin_guide_000157__b1028732413309">OK</strong>.</span></li><li id="admin_guide_000157__en-us_topic_0046662331_li48906009"><span>In the displayed dialog box, enter the password of the current login user and click <strong id="admin_guide_000157__b1021619235810">OK</strong>. The cluster configuration is automatically synchronized and the web service is restarted.</span></li><li id="admin_guide_000157__en-us_topic_0046736695_li36793112"><span>After the cluster is restarted, enter the URL for accessing <span id="admin_guide_000157__text1085119369542">MRS</span> Manager in the address box of the browser and check whether the <span id="admin_guide_000157__text527394314544">MRS</span> Manager web page can be successfully displayed.</span></li><li id="admin_guide_000157__li112311121706"><span>Log in to <span id="admin_guide_000157__text20884184595412">MRS</span> Manager.</span></li><li id="admin_guide_000157__en-us_topic_0046737068_li30344022"><span>Choose <strong id="admin_guide_000157__b117411653336">Cluster</strong>, click the name of the target cluster, choose <strong id="admin_guide_000157__b33750539333">Dashboard</strong>, click <strong id="admin_guide_000157__b18938171133418">More</strong>, and select <strong id="admin_guide_000157__b055912312344">Restart</strong>. (For MRS 3.3.0 or later, choose <strong id="admin_guide_000157__b14544826144014">More</strong> > <strong id="admin_guide_000157__b1136162924012">Restart</strong> in the upper right corner of the home page.)</span></li><li id="admin_guide_000157__li147445458458"><span>In the displayed dialog box, enter the password of the current login user and click <strong id="admin_guide_000157__b992795877115034">OK</strong>.</span></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000134.html">System Configuration</a></div>
|
|
</div>
|
|
</div>
|
|
|