Hi All, I'm running an (experimental) 3-Node Ceph Reef (v18.2.4) Cluster.
Each of the 3 nodes runs (amongst other services) the Ceph Dashboard - for fail-over purposes. I can connect to the Ceph Dashboard when not using TLS (ie ceph config set mgr mgr/dashboard/ssl false). I've got a private PKI (Step-CA) and I'd like to use its TLS Certificates for the Ceph Dashboard. The private PKI's CA Cert has been added to my browser, and internal websites, etc, using the internal PKI's Certificates work as expected. I'd like each of the three Ceph Nodes to use their own TLS Certificate. The 3 node's hostnames are ceph01.example.com, ceph02.example.com, and ceph03.example.com. The 3 node's mgr instances are (I think; & this could be where I'm going wrong) are mgr.ceph01, mgr.ceph02, and mgr.ceph03. I've created 3 TLS Certificates with names of cephdash-ceph01.example.com.crt, etc, CNs of cephdash-ceph01.example.com, etc, and SANs of ceph01.example.com, etc I've followed the documentation here: https://docs.ceph.com/en/reef/mgr/dashboard/#ssl-tls-support I have stopped and restarted the Ceph Dashboard service. Commands used (on ceph01.example.com): ceph dashboard set-ssl-certificate ceph01 -i cephdash-ceph01.example.com.crt ceph dashboard set-ssl-certificate-key ceph01 -i cephdash-ceph01.example.com.key ceph mgr module disable dashboard ceph mgr module enable dashboard It's not working (I get an Unable to connect page), and I can't work out why - but I suspect it'll be something bleedingly obvious. :-) My Qs: Can I use EC Certs or must I use RSA Certs? I've tryied both and neither work. Can anyone spot what I'm doing wrong? Thanks in advance Cheers Dulux-Oz _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
