5.5. Installing SSL Certificates

In a PixStor environment, foundational web server setup tasks—such as installing NGINX, configuring it, and setting up a proxy for Hub access—are already handled as part of the standard deployment. This simplifies the process for administrators, as they don’t need to repeat these initial steps.

Generating an SSL certificate falls outside the scope of our guidance (as this typically depends on organizational security policies or certificate authorities).

Let us understand, How to Install SSL Certificates

PixStor systems include self-signed SSL certificates. To replace the default certifications with custom certificates, overwrite the certificate files on each of the PixStor nodes:

/etc/pki/tls/certs/arcapix.crt - the full server certificate

/etc/pki/tls/private/arcapix.key - the private key for the certificate

Ensure that the file permissions are set appropriately on these files:

chmod 644 /etc/pki/tls/certs/arcapix.crt
chown root:root /etc/pki/tls/certs/arcapix.crt
chmod 640 /etc/pki/tls/private/arcapix.key
chown root:nginx /etc/pki/tls/private/arcapix.key 

Once updated these files, restart the nginx web server to load the new certificates:

systemctl restart nginx 

Note: To learn about “How to set up an nginx proxy for hub if you’re not using PixStor”, please contact us.