Checking the Require signed SSL certificate option in the Node Maintenance page for an ES server added to Console results in a failed status for that node and a
Node API SSL certificate error.
This occurs even when the SSL certificate is properly signed and configured on the ES node.
This issue is likely due to the entries included in the certificate, which must include the IP address of the ES server.
- Operating System: Linux
- Product: Console 3.0 and above + Enterprise Server
1. For your Enterprise Server, obtain another signed certificate with a Subject Alternative Name (SAN) entry. In this entry, include the IP address of the Enterprise Server(s) that the signed certificate is for.
2. On your Console server copy the file
/etc/pki/tls/certs/ca-bundle.crt (or your root certificate) to
# cp /etc/pki/tls/certs/ca-bundle.crt /opt/aspera/console/config/cacert.pem
3. Restart Console and ES services
On Console server
# asctl console:restart
On ES server # service asperanoded restart
If you are having SSL certificate verification issues in Faspex, see this Knowledge Base article: Error when trying to enable SSL certificate verification on Faspex node