Setting Up SSL for Your Nodes - IBM Aspera HST Admin Manual

Run the following command against the original and new nodes. If the database restoration succeeded, the output from
each is identical.
# curl -ki -u {node_username:node_password} http[s]://{hostname}:{http_port}/access_keys
Note: Curl is included in many Unix-based operating systems. To check if it is installed, enter curl on the
command line. If it is not installed, download it from the Curl website: https://curl.haxx.se/download.html.

Setting up SSL for your Nodes

The Aspera Node API provides an HTTPS interface for encrypted communication between nodes (on port
9092, by default). For example, if you are running the IBM Aspera Faspex web UI or the IBM Aspera Shares
web UI on one computer, you can encrypt the connection (using SSL) with your transfer server or file-storage
node on another computer. HST Server nodes are preconfigured to use Aspera's default, self-signed certificate
(aspera_server_cert.pem). You might need to create a new certificate or install a valid, signed certificate,
such as when you are configuring HST Server as an IBM Aspera on Cloud node.
The self-signed Aspera certificate is located in the following directory:
/opt/aspera/etc/
About PEM Files: The PEM certificate format is commonly issued by Certificate Authorities. PEM certificates
have extensions that include .pem, .crt, .cer, and .key, and are Base-64 encoded ASCII files containing "-----BEGIN
CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and
private keys can all be put into the PEM format.
To generate a new certificate:
1. Generate a Private Key and Certificate Signing Request (CSR) using OpenSSL.
In a Terminal window, run the following command (where my_key_name.key is the name of the unique key
that you are creating and my_csr_name.csr is the name of your CSR):
# openssl req -new -nodes -keyout my_key_name.key -out my_csr_name.csr
2. At the prompt, enter your X.509 certificate attributes.
Important: The Common Name field must be filled in with the fully qualified domain name of the server
to be protected by SSL. If you are generating a certificate for an organization outside the U.S., go to
https://www.iso.org/obp/ui/, select Country codes, and click to view a list of two-letter ISO country codes.
Generating a 1024 bit RSA private key
....................++++++
................++++++
writing new private key to 'my_key_name.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:Your_2_letter_ISO_country_code
State or Province Name (full name) [Some-State]:Your_State_Province_or_County
Locality Name (eg, city) []:Your_City
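
Added example (not part of the IBM manual): a non-interactive form of steps 1 and 2 that requests the RSA key size explicitly instead of relying on the OpenSSL default, which produced the 1024-bit key in the sample output above, and then checks the resulting CSR for a verifying signature, a minimum key size and the expected Common Name. The host name node.example.com, the C/O subject values, the 2048-bit minimum and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the Aspera manual. node.example.com and the
# C/O subject values are constructed placeholders.

# make_csr FQDN KEY_FILE CSR_FILE [BITS]
# Non-interactive form of step 1: the key size is requested explicitly
# rather than taken from the OpenSSL default, and the Common Name is the FQDN.
make_csr() {
    (
        umask 077   # private key must not be readable by other users
        openssl req -new -nodes -newkey "rsa:${4:-2048}" \
            -keyout "$2" -out "$3" \
            -subj "/C=US/O=Example Org/CN=$1"
    )
}

# csr_key_bits CSR_FILE: print the public key size recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# csr_common_name CSR_FILE: print the subject Common Name.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr CSR_FILE EXPECTED_FQDN [MIN_BITS]
# Returns 0 only if the CSR self-signature verifies, the key has at least
# MIN_BITS (default 2048), and the Common Name equals EXPECTED_FQDN.
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify"; return 1; }
    csr_bits=$(csr_key_bits "$1")
    [ "${csr_bits:-0}" -ge "${3:-2048}" ] ||
        { echo "FAIL: ${csr_bits:-unknown}-bit key, need ${3:-2048}"; return 1; }
    csr_cn=$(csr_common_name "$1")
    [ "$csr_cn" = "$2" ] ||
        { echo "FAIL: Common Name '$csr_cn' is not '$2'"; return 1; }
    echo "OK: ${csr_bits}-bit key, CN=$csr_cn"
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr node.example.com "$demo_dir/node.key" "$demo_dir/node.csr"
check_csr "$demo_dir/node.csr" node.example.com
rm -rf "$demo_dir"
```

Running check_csr against a CSR before submitting it to a Certificate Authority catches a short key or a Common Name that does not match the node's fully qualified domain name.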
