clustergroup fetchchainca
Displays location of the CA certificate chain on the specified cluster or all clusters in the cluster group.
When it comes to a cluster group, there are multiple clusters in the cluster group. One or more external S3 servers could be a part of the cluster group if they are imported into Data Fabric.
A CA certificate is the means for a S3 client will to connect to a cluster or to an external S3 server in a cluster group.
Every cluster or fabric has a CA certificate that is signed by HPE.
You could have generated a combined CA certificate or a CA certificate chain for multiple fabrics/ clusters that are part of the global namespace or cluster group. The CA certificate chain is retrieved from cldb of the primary cluster.
If you wish to add an external s3 server to cluster group, you would require the certificate of external s3 server to be stored on the cldb of the primary server.
Use theclustergroup
fetchchainca
CLI command to display the location of the CA certificate
chain for the specified cluster in a cluster group or all clusters in the cluster group.
By default, the CA certificate chain is saved in
/tmp/chain-ca.pem
.
Once you have the location of the CA certificate chain, you can copy it to the desired location.
Syntax
- CLI
-
maprcli clustergroup fetchchainca [ - clustername name of the cluster] [ - allclusters all clusters <true|false> ]
Options
Option | Description |
---|---|
|
(Required if |
|
(Required if |
Example
Display CA certificate chain path for cluster-one in a clustergroup
- CLI
-
maprcli clustergroup fetchchainca -clustername cluster-one
- REST
-
curl -u <username> -X GET https://server.sj.us:8443/rest/clustergroup/fetchchainca?clustername=cluster-one
Display CA certificate chain path for all clusters in the cluster group
- CLI
-
maprcli clustergroup fetchchainca -allclusters true
- REST
-
curl -u <username> -X GET https://server.sj.us:8443/rest/clustergroup/fetchchainca?allclusters=true