Importing a CA-signed certificate with an externally generated private key

Server and Cluster Administration Guide for Hitachi NAS Platform

Part Number

This procedure applies when you already have a certificate that has been generated elsewhere, so you do not need to generate the CSR from HNAS. You will need the private key as well.

Use these steps to import a CA-signed certificate with an externally generated private key.

You must have the private key, certificate, and trust chain certificate.

The encoding of the key and certificates must be in PEM (base-64) format. DER is not supported for this procedure.

Both the certificate and trust chain certificates must be in X.509 format.

  1. Combine the server certificate, chain certificates, and private key into a single PEM file. You can do this as follows from a Linux shell:
    cat server_certificate.cer trust_chain_certificate1.cer \
    [trust_chain_certificate2.cer …] server_private_key \
    > server_combined.pem
  2. Import the certificate, trust chain and private key bundle:
    $ tls-certificate-import-signed --path server_combined.pem \
    –-with-private-key --confirm 
When the SSL configuration is changed, or a custom certificate is installed or removed, the HTTPS management server is automatically restarted to ensure that all current and future connections make use of the certificate, and the enabled versions and ciphers. An incorrect configuration can cause the the SMU to be unable to communicate with the HTTPS management server. Verify that the SMU can still communicate after the settings have been changed.