For additional security, you can replace the self-signed, factory-installed certificate with another SSL certificate, for example, with one that is signed by a third-party CA. Once you have obtained your signed certificate and private key, you can install them by using the QoreStor UI or CLI. Only one certificate can be installed on a QoreStor system at any given point in time. The same certificate will be used for HTTPS access to object containers.
To install an SSL certificate, complete the following steps:
- In the navigation menu, click Dashboard.
- In the System Information pane at the bottom, click SSL Certificate.
- Click Upload Certificate.
- Select the SSL certificate on your system that you want to install.
- Click Upload Key and select your private key.
- Click Upload.
You can easily join the QoreStor to your Microsoft Active Directory Services (ADS) domain. This topic describes how to configure Active Directory (AD) settings for the QoreStor system, which requires that you direct yourQoreStor system to join or leave a domain that contains a Microsoft Active Directory Service (ADS). Instructions are provided below to join an ADS domain or to leave an ADS domain. When you join QoreStor to an ADS domain, this disables the Network Time Protocol (NTP) service and instead uses the domain-based time service.
To configure QoreStor for a domain using ADS, complete the following steps:
- In the left navigation menu, click .
- Click Join Domain.
- Enter the following AD logon information:
- Domain —Enter a fully qualified domain name for the ADS; for example, AD12.acme.com. (This is a required field.)
|
NOTE: Supported domain names are limited to 64 characters in length and can only consist of a combination of A-Z, a-z, 0-9, and three special characters: a dash (-), a period (.), and an underscore (_). |
- Organization—Enter a valid organizational name that meets the organization name guidelines for the ADS. (This is an optional field.)
- Username—Enter a valid user name that meets the user name guidelines for the ADS. (This is a required field.)
|
NOTE: Supported user names are limited to 64 characters in length and can only consist of a combination of A-Z, a-z, 0-9, and three special characters: a dash (-), a period (.), and an underscore (_). |
- Password—Enter a valid password that meets the password guidelines for the ADS. (This is a required field.)
- Click Join.
- To leave a domain, find the domain on the Active Directory page and click Leave Domain.
- In the Leave Active Directory pane, enter the username and password for the ADS domain.
- Click Leave.
|
NOTE: This is an optional configuration, and only necessary if Domain users in a login group are expected to authenticate to the QoreStor UI. |
After you configure your QoreStor within the same ADS domain, you must ensure that a login group exists and add it to the domain. Adding a login group is only possible when the QoreStor system is joined to a domain. Also, you must be logged in as a domain user that is part of an enabled login group.
To add a login group in an ADS domain, complete the following steps:
- On the left navigation menu, click.
- On the Active Directory page, find the domain pane and clickAdd Login Group.
- In the Add Login Group pane, type the name of the login group including the domain name; for example, Domain\Domain Admins. If your login group name contains spaces, you must not enclose it in quotation marks. (This differs from the equivalent CLI command.)
- Click Add Login Group to add the login group.
|
NOTE: Changes made to the login group take effect on the next log in attempt (unlike Windows ADS, no active checking is done on the group). |