- Creating a private key and a certificate signing request (CSR)
-
The cssslsetup command creates a common private key and CSR that can be used by all products.
Note: This command only supports the RSA encryption algorithm. If you want to use both RSA and the Elliptic Curve Digital Signature Algorithm (ECDSA), perform the procedure described in Configuring SSL communications without using the SSL Setup tool. - Configuring the SSL server settings
-
The cssslsetup command configures the SSL server settings for the following:
Product
Settings
Common Services
Registers the server certificate and private key.
Automator
- Registers the server certificate and private key.
- Enables SSL communications.
Analyzer
- Registers the server certificate and private key.
- Enables SSL communications.
Analyzer detail view
Imports the server certificate (in the PKCS#12 format) into the keystore.
Analyzer viewpoint
Registers the server certificate and private key.
Analyzer probe server - Imports the server certificate (in the PKCS#12 format) into the keystore.
- Registers the server certificate and private key (for on-demand real time monitoring and RAID Agent).
Analyzer Virtual Storage Software Agent Imports the server certificate (in the PKCS#12 format) into the keystore.
Administrator
Registers the server certificate and private key.
Protector
Registers the server certificate and private key.
API Configuration Manager
- Registers the server certificate and private key.
- Configures notifications for storage system configuration changes.
- Configuring the SSL client settings and enabling certificate verification
-
The cssslsetup command configures the SSL communication settings and enables certificate verification.
Product
Settings
Common Services
- Imports the root certificate into the truststore.
- Imports the root certificate of the server certificate for the Active Directory, LDAP, or an AD FS server into the truststore.
- Enables certificate verification.
Automator
- Imports the root certificate into the truststore.
- Imports the root certificate of the server certificate for the Active Directory server into the truststore.
- Enables certificate verification.
Analyzer
- Imports the root certificate into the truststore.
- Imports the root certificate of the server certificate for the Active Directory server into the truststore.
- Enables certificate verification.
Analyzer detail view
- Imports the root certificate into the truststore.
- Imports the Active Directory server certificate into the
truststore.Note: To link with Active Directory, you must add an active directory user by using Analyzer detail view.
- Enables certificate verification.Note: If you want to use a certificate issued by a certificate authority for SSL communication for real time data collection, you must set the following Analyzer detail view server parameters in the hosts file on the management server to enable certificate verification:
IP-address hostname
For hostname, specify the value obtained by running the hostname -f command.
- Imports the server certificate of the RAID Agent server into the truststore (for on-demand real time monitoring).
Analyzer viewpoint
- Registers the trusted certificate into Analyzer viewpoint.
- Enables certificate verification.
Analyzer probe server - Imports the root certificate and the target product's server certificate into the truststore.
- Imports the Active Directory server certificate into the truststore.
- Imports the root certificate into the Analyzer probe server truststore (for RAID Agent).
- Imports the storage system certificate into the truststore of the instance environment (for RAID Agent).
- Changes the permissions of the client.truststore.jks file, which was copied from the Analyzer detail view server (for real time data collection).
- Enables certificate verification.
Analyzer Virtual Storage Software Agent - Imports the root certificate of VSP One SDS Block or the storage system into the truststore.
- Enables certificate verification.
Administrator
None
Note:- You must use the setupcommonservice command for the following tasks:
- Importing the root certificate into the truststore
- Enabling certificate verification
- If you want to link with Active Directory, you must import the certificate of the Active Directory server into the truststore and register an Active Directory domain that uses the DNS server. For the configuration procedure, see the Administrator documentation.
Protector
Imports the root certificate into the truststore.
Note: You must use the setupcommonservice command to enable certificate verification.API Configuration Manager
- Enables certificate verification for SSL communications with the storage system.
- Enables SSL communications.
- Enabling or disabling certificate verification
-
You can enable or disable certificate verification for SSL communications maintenance.
The SSL Setup tool provides the following functions.