For HTTPS access to an HCP S Series Node through the HCP S Series Management Console, management API, or S3 compatible API, the S Series Node must have an SSL server certificate. To meet this need, each S Series Node comes with a self-signed certificate already installed. This certificate is valid for five years from the time the HCP S Series software was installed on the S Series Node. The common name in this certificate is *.node-domain-name, where node-domain-name is the domain name configured for the S Series Node.
Self-signed SSL server certificates are not automatically trusted by web browsers and other HTTP client tools. However, clients can choose to trust them.
You can use the Management Console or management API to get information about the currently installed SSL server certificate, including the expiration date. When the certificate is close to expiring, the S Series Node issues an alert about the upcoming expiration.
You can install a new SSL server certificate at any time. To install a new certificate, you can use any of these methods:
- Use the Management Console or management API to generate a certificate signing request (CSR). Then submit the generated CSR to a certificate authority (CA). When you receive the CA-signed certificate, use the Management Console or management API to install the certificate on the S Series Node.
  Important: An S Series Node can store only one CSR at a time. If you generate a CSR, send that CSR to a CA, and then generate a different CSR, the certificate returned by the CA won't match the current CSR, and you won't be able to install the returned certificate.
- Create a PKCS12 file that contains an SSL server certificate. Then use the Management Console or management API to install the new certificate on the S Series Node.
- Use the HCP S Series Management Console or management API to generate and install a new self-signed certificate on the S Series Node. The new certificate has an expiration date of five years from the date on which the certificate was generated.
  Tip: For greater security, if the S Series Node is using self-signed certificates, periodically generate and install a new certificate.
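Checks an administrator can run with OpenSSL on a workstation before using the CSR or PKCS12 methods above, as an added example that is not from the product documentation: it confirms that a CA-returned certificate matches the CSR that is still current, checks remaining validity, and builds the PKCS12 file. The file names, the domain s-node.example.com and the P12_PASS variable are assumptions, and all keys and certificates are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not vendor code. File names, the domain s-node.example.com
# and the P12_PASS variable are assumptions; all key material is constructed.

# Succeeds only if the certificate carries the same public key as the CSR,
# i.e. the CA signed the CSR that is still the current one.
cert_matches_csr() {  # usage: cert_matches_csr <csr.pem> <cert.pem>
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Succeeds if the certificate is still valid <days> from now.
cert_valid_for_days() {  # usage: cert_valid_for_days <cert.pem> <days>
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Bundles key and certificate into a PKCS12 file. The password is read from
# the environment so it does not appear in the process list.
make_p12() {  # usage: make_p12 <key.pem> <cert.pem> <out.p12>
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:P12_PASS
}

# Constructed material: two CSRs (the second simulates regenerating the CSR
# after the first was sent to a CA) and a certificate issued for the first.
make_demo_material() {  # usage: make_demo_material <dir>
    for n in 1 2; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$1/key$n.pem" \
            -out "$1/csr$n.pem" -subj "/CN=*.s-node.example.com" 2>/dev/null
    done
    # Stand-in for the CA: self-sign CSR 1 for 30 days.
    openssl x509 -req -in "$1/csr1.pem" -signkey "$1/key1.pem" -days 30 \
        -out "$1/cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_material "$demo_dir"
cert_matches_csr "$demo_dir/csr1.pem" "$demo_dir/cert.pem" && echo "matches CSR 1"
cert_matches_csr "$demo_dir/csr2.pem" "$demo_dir/cert.pem" || echo "does not match CSR 2"
cert_valid_for_days "$demo_dir/cert.pem" 60 || echo "expires within 60 days"
P12_PASS=constructed-demo-password; export P12_PASS
make_p12 "$demo_dir/key1.pem" "$demo_dir/cert.pem" "$demo_dir/node.p12" \
    && echo "wrote $demo_dir/node.p12"
```

The CSR comparison works on the CSR text you submitted to the CA, so keep a copy of it when you generate the request.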
An S Series Node can have only one SSL server certificate at a time. When you install a new certificate, that certificate replaces the existing certificate.
Also, when you install a new certificate, the S Series Node restarts. While restarting, the S Series Node is unavailable for both management and data access purposes.
After a new SSL server certificate is installed on the S Series Node, clients such as HCP must accept the new certificate to be able to continue accessing the S Series Node.
If you have the administrator role, you can use the HCP S Series Management Console or management API to install a new SSL server certificate on an S Series Node.
To view the currently installed SSL server certificate or work with SSL server certificates in the Management Console, go to .