How Can I Use the Object Storage Service Certificate Tool of a UDS to Generate a Certificate

The UDS provides an object storage service certificate tool. After logging in to a user access node (A-Node), you can use the tool to generate a certificate.

For details about how to generate a certificate, perform the following steps:

1.      Use PuTTY to log in to an A-Node of the UDS as user opadmin.

2.      Run su - root to switch to root.

3.      Run /opt/obs/scripts/certs/gen_cert_tool.sh -o output to generate a certificate.

The parameters are described as follows:

-o: optional parameter. output specifies the name and path of the certificate to be generated. If this parameter is not specified, a certificate named uds-service.jks is generated in the current directory.

A command sample is as follows:

/opt/obs/scripts/certs/gen_cert_tool.sh -o /home/permitdir/uds-service.jks

After this command is executed, a certificate named uds-service.jks is generated in the/home/permitdir directory.

During the executing of the command, two times of entering password will be prompted. The complexity of password is that the password must be at least six characters in length and contains at least two types of special characters, lowercase letters, uppercase letters, and digits.

4.      Run chown opadmin:omm /home/permitdir/uds-service.jks to change the owner of the certificate to opadmin for the convenience of copying the certificate.

 NOTE:

The uds-service.jks certificate generated in the /home/permitdir is used as an example only.

5.      Use WinSCP to log in to the A-Node as user opadmin and copy the certificate to the local maintenance terminal. You can import the certificate on DeviceManager when required.