Uploading an account certificate for CAP authentication
The C2S CAP server acts as an intermediary between HCP and AWS STS authentication. CAP looks up the user's S3 credentials based off HCP account credentials sent to CAP. If the check passes, CAP then sends the S3 credentials to a predefined AWS STS endpoint. STS, in turn, issues a temporary token which CAP sends back to HCP.
C2S CAP authentication can only be used with the S3 compatible component. In order to use C2S CAP authentication you need to provide an account certificate.
Before you begin
To view the Storage page, you need the monitor or administrator role. To create, modify, or delete extended storage components and extended storage pools, you need the administrator role.
Procedure
On theAccount Certificates panel, click Browse and navigate to the location of your C2S CAP authentication certificate.
page, under theClick Upload Certificate.
Click Next.
Review your certificate information.
Click Finish.
NoteIn order to upload a account certificate, you need the administrator role.