Enabling an HTTPS Connection


Clients using the S3 protocol can connect to the cluster over an HTTPS connection. The HTTPS connection uses SSL encryption. The algorithms used to encrypt the connection use libraries that are currently being validated for FIPS 140-3.

In order to enable S3 clients to connect to the S3 service over HTTPS, an SSL certificate must be installed for the S3 service. The S3 server presents the installed certificate to clients during the SSL handshake that takes place to establish the HTTPS connection.

There is a pre-installed self-signed certificate. You may wish to install an authority-signed SSL certificate in its place.

Certificate Requirements

The certificate must be in the PEM file format. It can be a certificate issued by a Certificate Authority (CA), either a single certificate or a chain, or a self-signed certificate if you choose not to obtain a CA-signed certificate.

How to Install the Certificate

  1. Obtain the SSL server certificate in PEM format, consisting of two files: a certificate file and a key file.

  2. From the left navigation menu of the VAST Web UI, select Settings and then Certificates.

  3. From the Certificate for dropdown, select S3.

  4. Paste the certificate file content in the Server Certificate field and the key file content into the Private Key field.

  5. Click Update.

    Your certificate is installed.

Client-Side Configuration

When you configure a client to connect to the S3 service, make sure that certificate verification on the client is configured so that the HTTPS connection can be established successfully. These are some suggested configurations for the S3 client:

  • Configure the client to use a certificate trust store that contains the signer of the installed certificate, or verify that its default trust store already does. For a self-signed certificate, you might do this by pointing the client to a non-default trust store path and storing the certificate itself at that path.

  • Alternatively, disable certificate verification on the client. This enables the HTTPS connection to be established without the client's trust store containing the certificate signer, at the cost that the client can no longer tell the S3 service apart from any other server presenting a certificate.

  • Either make sure that the hostname embedded in the certificate matches the service endpoint URL on the client or configure the client not to verify the certificate's hostname. This will prevent connection failure due to a mismatch between the service endpoint URL configured on the client and the hostname embedded in the certificate.
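The three client-side options above, exercised end to end, as an added example that is not part of the VAST documentation or product code. It generates the two PEM files that the install procedure asks for (a self-signed certificate and its key, using the `openssl` CLI, which is assumed to be on PATH), checks that the key matches the certificate before it would be pasted into the UI, and then connects a Python `ssl` client to a local stand-in for the S3 endpoint under each configuration: system trust store only, a trust store holding the self-signed certificate, verification disabled, and an endpoint hostname that does not match the certificate. The hostnames `s3.example.internal` and `other.example.internal` are constructed values.

```python
"""Added example (not VAST documentation code): exercise the client-side
TLS verification choices against a locally generated self-signed S3
certificate.  Assumes the `openssl` CLI is on PATH; hostnames are made up."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading

S3_HOST = "s3.example.internal"  # constructed endpoint hostname (assumption)


def make_self_signed(workdir, hostname):
    """Produce the two PEM files the install step asks for: certificate + key."""
    cert = os.path.join(workdir, "cert.pem")
    key = os.path.join(workdir, "key.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-keyout", key, "-out", cert, "-subj", f"/CN={hostname}",
         # the subjectAltName is what clients compare against the endpoint hostname
         "-addext", f"subjectAltName=DNS:{hostname}"],
        check=True, capture_output=True)
    return cert, key


def key_matches_cert(cert, key):
    """Sanity check before pasting into the UI: the private key must belong to the cert."""
    pub_from_cert = subprocess.run(["openssl", "x509", "-in", cert, "-noout", "-pubkey"],
                                   check=True, capture_output=True).stdout
    pub_from_key = subprocess.run(["openssl", "pkey", "-in", key, "-pubout"],
                                  check=True, capture_output=True).stdout
    return pub_from_cert == pub_from_key


def serve_once(cert, key):
    """Minimal TLS listener standing in for the S3 endpoint; returns its port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]

    def run():
        conn, _ = lsock.accept()
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:
                tls.recv(1)
        except OSError:  # client rejected our certificate and hung up
            pass
        finally:
            lsock.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def connect(port, server_hostname, cafile=None, verify=True, check_hostname=True):
    """Mirror the client-side options from the page.

    cafile          -> a trust store containing the certificate's signer
    verify=False    -> certificate verification disabled entirely
    check_hostname  -> whether the certificate's SAN must match the endpoint hostname
    """
    ctx = ssl.create_default_context(cafile=cafile)  # no cafile -> system trust store
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    elif not check_hostname:
        ctx.check_hostname = False
    with socket.create_connection(("127.0.0.1", port)) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=server_hostname):
                return "ok"
        except ssl.SSLCertVerificationError as e:
            # typical OpenSSL codes: 18 = self-signed cert not in trust store,
            # 62 = hostname mismatch
            return f"verify-failed ({e.verify_code})"


def run_scenarios():
    """Run every client configuration against a fresh listener; return outcomes."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d, S3_HOST)
        return {
            "key_matches": key_matches_cert(cert, key),
            "system_store": connect(serve_once(cert, key), S3_HOST),
            "own_store": connect(serve_once(cert, key), S3_HOST, cafile=cert),
            "no_verify": connect(serve_once(cert, key), S3_HOST, verify=False),
            "wrong_host": connect(serve_once(cert, key), "other.example.internal",
                                  cafile=cert),
            "wrong_host_no_check": connect(serve_once(cert, key), "other.example.internal",
                                           cafile=cert, check_hostname=False),
        }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:20s} {outcome}")
```

Only the `own_store` and `no_verify` configurations, plus the hostname-check-disabled one, complete the handshake; the system trust store rejects the self-signed certificate, and a mismatched endpoint hostname is rejected even when the certificate itself is trusted. In a real S3 client the same three knobs appear under different names (for example a CA bundle path, a verify-SSL switch, and the endpoint URL that must match the certificate's SAN).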