To manage the storage system by using HCS and perform the HCS external authentication, upload an HCS public key certificate to the web server to register the certificate. Complete the steps in the following procedure to upload and register a certificate using the certificate update tool.
- You must have the Security Administrator (View & Modify) role to perform this task.
- If the certificate to be registered has an extension other than .crt, change it to .crt.
- The certificate to be registered must be in X509 PEM or X509 DER format.
- You must be an external authentication user whose external user group mapping is disabled, or a local authentication user.
- If the public key of the certificate to be uploaded is RSA, the key length must not be less than the key length that is set for Minimum Key Length (Key Exchange) in the TLS Security Settings dialog box.
- If the public key of the certificate to be uploaded is ECDSA, the
public key parameter must be any of the following:
- ECDSA_P256 (secp256r1)
- ECDSA_P384 (secp384r1)
- ECDSA_P521 (secp521r1)
- The signature hash algorithm of the certificate to be uploaded must be SHA-256, SHA-384, or SHA-512.
- The extended profile fields in the X.509 certificate support the following
items as specified in RFC5280:
- subjectAltName
- CRLDistributionPoint
- AuthorityInfoAccess
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
Enter the host name or the IP address of the server in subjectAltName or CommonName of the certificate for the connected server.
- The number of tiers of the certificate chain for the connected server certificate must be 20 tiers or less including the root CA certificate.