If you want to use a single server certificate for all grid nodes in your StorageGRID Webscale system, you need to configure a custom server certificate.
When a client application establishes a Transport Layer Security (TLS) session to the StorageGRID Webscale system, the target LDR service on the Storage Node sends a server certificate to the client application. By default, each Storage Node identifies itself with its own certificate, signed by the system Certificate Authority (CA). Rather than rely on these separate per-node certificates, you can supply a single server certificate of your own that every Storage Node presents. Because you control the names in that certificate, this also lets client applications perform certificate host name verification against the names they actually connect to.
Only RSA custom server certificates are supported.
The certificate and its private key must be supplied in PEM format.
You can use a wildcard certificate: for example, *.storagegrid.mycompany.com. In this case, API Gateway Nodes and Storage Nodes must have DNS entries that resolve host names matching the wildcard to their IP addresses: for example, dc1-gw1.storagegrid.mycompany.com and dc2-s3.storagegrid.mycompany.com. Client applications are then configured to connect to the system using these DNS names, which enables host name verification. Note that a wildcard matches exactly one DNS label: *.storagegrid.mycompany.com covers dc2-s3.storagegrid.mycompany.com but neither storagegrid.mycompany.com itself nor a deeper name such as dc1.s1.storagegrid.mycompany.com, so each node needs a single-label host name directly under the wildcard domain.
If you configure a custom server certificate, client applications must be configured to trust the root CA certificate that issued it; they will then reject connections from any node that does not present a certificate chaining to that CA. If you keep the default certificates, client applications must instead trust the system CA certificate, because each node's certificate is signed by it.
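The following shell script is an added example, not part of the StorageGRID documentation or product: using the openssl command line it issues a wildcard RSA server certificate from a throwaway private CA, writes both in PEM format, and then runs the three client-side checks the text implies (chain of trust to the issuing CA, host name coverage including the wildcard edge cases, and RSA key type). The CA name, file names and node host names are constructed for illustration; it assumes OpenSSL 1.1 or later is on the PATH.

```shell
#!/bin/sh
# Added example (not StorageGRID code): issue a wildcard RSA server certificate
# from a throwaway private CA, then run the client-side checks against it.
# Requires the openssl CLI (1.1 or later). All names below are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
WILDCARD='*.storagegrid.mycompany.com'

# Create a self-signed RSA root CA and a wildcard server certificate signed by
# it. Both are written in PEM format, which is what the custom certificate
# upload expects (server.pem plus server.key would be the pair you upload).
make_wildcard_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj '/CN=Example Private Root CA' \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1

  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$WILDCARD" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1

  # Carry the wildcard in a subjectAltName; modern clients ignore the CN.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$WILDCARD" \
    > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 825 -sha256 \
    -extfile "$WORK/ext.cnf" -out "$WORK/server.pem" >/dev/null 2>&1
}

# Chain check (what a client does with the root CA you distribute to it):
# exit 0 if the certificate in $2 chains to the CA bundle in $1.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Host name check: exit 0 if the certificate in $1 covers the DNS name in $2.
# A wildcard covers exactly one label, so the bare domain and deeper names fail.
matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Algorithm check: only RSA custom server certificates are accepted.
key_is_rsa() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | grep -q 'Public Key Algorithm: rsaEncryption'
}

make_wildcard_cert

if verify_chain "$WORK/ca.pem" "$WORK/server.pem"; then
  echo "server.pem chains to ca.pem"
else
  echo "server.pem does NOT chain to ca.pem"
fi

if key_is_rsa "$WORK/server.pem"; then
  echo "server.pem uses an RSA key"
fi

# Two node names under the wildcard, then the two shapes a wildcard never covers.
for name in dc1-gw1.storagegrid.mycompany.com \
            dc2-s3.storagegrid.mycompany.com \
            storagegrid.mycompany.com \
            dc1.s1.storagegrid.mycompany.com; do
  if matches_host "$WORK/server.pem" "$name"; then
    echo "covered:     $name"
  else
    echo "NOT covered: $name"
  fi
done
```

Running the script prints that the two node names are covered and the bare domain and the two-label name are not; if you add a name with a different suffix it is also rejected, which is the behaviour a verifying S3 or Swift client will show when a node's DNS name does not fit the wildcard. Swapping ca.pem for some other CA bundle in verify_chain makes the chain check fail, which is what a client trusting the wrong CA sees.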