<span style=" font-size:10pt;font-family:sans-serif">Hi Andi,</span><br><br><span style=" font-size:10pt;font-family:sans-serif">For object SSL
configuration you need to reconfigure auth after "mmobj swift base".
Instructions are here-</span><br><a href="https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.4/com.ibm.spectrum.scale.v5r04.doc/bl1adm_configlocalauthssl.htm"><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://www.ibm.com/support/knowledgecenter/STXKQY_5.0.4/com.ibm.spectrum.scale.v5r04.doc/bl1adm_configlocalauthssl.htm</span></a><br><br><span style=" font-size:10pt;font-family:sans-serif">Some more info
on object auth configuration-</span><br><a href="https://www.slideshare.net/SmitaRaut/ibm-spectrum-scale-authentication-for-object-deep-dive"><span style=" font-size:10pt;color:blue;font-family:sans-serif">https://www.slideshare.net/SmitaRaut/ibm-spectrum-scale-authentication-for-object-deep-dive</span></a><span style=" font-size:10pt;color:blue;font-family:sans-serif"></span><span style=" font-size:10pt;font-family:sans-serif">(Check slide
26)</span><br><br><span style=" font-size:10pt;font-family:sans-serif">Thanks,</span><br><span style=" font-size:10pt;font-family:sans-serif">Smita</span><br><br><br><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
       </span><span style=" font-size:9pt;font-family:sans-serif">Andi
Christiansen <andi@christiansen.xxx></span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
       </span><span style=" font-size:9pt;font-family:sans-serif">"gpfsug-discuss@spectrumscale.org"
<gpfsug-discuss@spectrumscale.org></span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
       </span><span style=" font-size:9pt;font-family:sans-serif">04/01/2020
02:35 PM</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
       </span><span style=" font-size:9pt;font-family:sans-serif">[EXTERNAL]
[gpfsug-discuss] Enabling SSL/HTTPS/ on Object S3.</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent
by:        </span><span style=" font-size:9pt;font-family:sans-serif">gpfsug-discuss-bounces@spectrumscale.org</span><br><hr noshade><br><br><br><span style=" font-size:12pt">Hi, </span><br><br><span style=" font-size:12pt">We are trying to enable S3 on the object
protocol within scale but there seem to be little to no documentation to
enable https endpoints for the S3 protocol? </span><br><br><span style=" font-size:12pt">According to the documentation enabling
S3 for the keystone server is possible with the mmuserauth command but
when i try to run it as IBM have documented, it says that Object protocol
is not correctly installed.. And yes it hasnt been configured yet.. </span><br><br><span style=" font-size:12pt">The "mmobj swift base" command
which is used to configure Object/S3 automatically includes the "mmuserauth"
command without the ssl option enabled.. and then all endpoints will start
with http:// </span><br><br><br><span style=" font-size:12pt">I hope that anyone out there have a guide
to do this ? or is able to explain how to set it up? </span><br><br><br><span style=" font-size:12pt">Basically all i need is this: </span><br><br><a href="https://s3.something.com:8080"><span style=" font-size:12pt;color:blue"><u>https://s3.something.com:8080</u></span></a><span style=" font-size:12pt">which points to the WAN ip of the CES cluster (already configured and ready)
</span><br><br><span style=" font-size:12pt">and endpoints like this: </span><br><br><span style=" font-size:12pt">None | keystone | identity | True | public
| </span><a href="https://cluster_domain:5000/"><span style=" font-size:12pt;color:blue"><u>https://cluster_domain:5000/</u></span></a><span style=" font-size:12pt"><br>RegionOne | swift | object-store | True | public | </span><a href="https://cluster_domain:443/v1/AUTH_%(tenant_id)s"><span style=" font-size:12pt;color:blue"><u>https://cluster_domain:443/v1/AUTH_%(tenant_id)s</u></span></a><span style=" font-size:12pt"><br>RegionOne | swift | object-store | True | public | </span><a href="https://cluster_domain:8080/v1/AUTH_%(tenant_id)s"><span style=" font-size:12pt;color:blue"><u>https://cluster_domain:8080/v1/AUTH_%(tenant_id)s</u></span></a><span style=" font-size:12pt"></span><br><br><span style=" font-size:12pt">if i manually add those endpoints and
put my certificates in /etc/swift/ and update the config it says (SSL:
Wrong_Version_Number). Here is output: </span><br><br><span style=" font-size:12pt">C:\Users\Andi Christiansen>aws --endpoint-url
</span><a href="https://WAN"><span style=" font-size:12pt;color:blue"><u>https://WAN_IP/DOMAIN</u></span></a><span style=" font-size:12pt">:443
s3 ls </span><br><span style=" font-size:12pt">SSL validation failed for </span><a href="https://WAN_IP/DOMAIN:443/"><span style=" font-size:12pt;color:blue"><u>https://WAN_IP/DOMAIN:443/</u></span></a><span style=" font-size:12pt">[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
certificate (_ssl.c:1076) </span><br><span style=" font-size:12pt">C:\Users\Andi Christiansen>aws --endpoint-url
</span><a href="https://WAN_IP/DOMAIN:8080"><span style=" font-size:12pt;color:blue"><u>https://WAN_IP/DOMAIN:8080</u></span></a><span style=" font-size:12pt">s3 ls </span><br><span style=" font-size:12pt">SSL validation failed for </span><a href="https://WAN_IP/DOMAIN:8080/"><span style=" font-size:12pt;color:blue"><u>https://WAN_IP/DOMAIN:8080/</u></span></a><span style=" font-size:12pt">[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076) </span><br><br><br><span style=" font-size:12pt">its only port 8080 and 5000 that is allowed
through the firewall, so i only tested with 443 to see if it gave another
error as it is not allowed through and it did..  </span><br><br><br><span style=" font-size:12pt">It works just fine when "mmobj swift
base" is run normally and i only have http endpoints, then it is reachable
from local network or WAN with no issues.. </span><br><br><br><br><span style=" font-size:12pt">Thanks in advance! </span><br><br><br><span style=" font-size:12pt">Best Regards <br>Andi Christiansen </span><tt><span style=" font-size:10pt">_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br></span></tt><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss"><tt><span style=" font-size:10pt">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</span></tt></a><tt><span style=" font-size:10pt"><br></span></tt><br><br><BR>