Registering certificates for HCS

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

To manage the storage system by using HCS and perform the HCS external authentication, upload an HCS public key certificate to the web server to register the certificate. Complete the steps in the following procedure to upload and register a certificate using the certificate update tool.

  • You must have the Security Administrator (View & Modify) role to perform this task.
  • If the certificate to be registered has an extension other than .crt, change it to .crt.
  • The certificate to be registered must be in X509 PEM or X509 DER format.
  • You must be an external authentication user whose external user group mapping is disabled, or a local authentication user.
  • If the public key of the certificate to be uploaded is RSA, the key length must not be less than the key length that is set for Minimum Key Length (Key Exchange) in the TLS Security Settings dialog box.
  • If the public key of the certificate to be uploaded is ECDSA, the public key parameter must be any of the following:
    • ECDSA_P256 (secp256r1)
    • ECDSA_P384 (secp384r1)
    • ECDSA_P521 (secp521r1)
  • The signature hash algorithm of the certificate to be uploaded must be SHA-256, SHA-384, or SHA-512.
  • The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
    • subjectAltName
    • CRLDistributionPoint
    • AuthorityInfoAccess
    • BasicConstraints
    • KeyUsage
    • SubjectKeyIdentifier

    Enter the host name or the IP address of the server in subjectAltName or CommonName of the certificate for the connected server.

  • The number of tiers of the certificate chain for the connected server certificate must be 20 tiers or less including the root CA certificate.
  1. Close all Device Manager - Storage Navigator sessions on the SVP.
  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.
    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click Set or Delete Certificate File for HCS. The Login dialog box opens.
    If SSL communication has been established, the Security Alert dialog box opens before the Login dialog box. In the Security Alert dialog box, click OK.
  4. When the Login dialog box opens, enter the administrator user ID and password, and click Login. The Login dialog box opens.
  5. In the dialog box, enter the certificate file for HCS (.crt file) in the Certificate file (The name of the button to click depends on the browser. file) box. You can enter the file name directly or by clicking Browse or Select File and searching for the file name. The name of the button to click depends on the browser.
  6. Click Register. The execution confirmation dialog for Set or Delete Certificate File for HCS opens.
  7. Click OK to register the certificate. Registration of the certificate starts.
    When the certificate is registered, the registration completion dialog box for Set or Delete Certificate File for HCS opens.
  8. In the registration completion dialog box for Set or Delete Certificate File for HCS, click OK. The display returns to the login dialog box.
    Note: If an error occurs during registration of the HCS certificate, an error message displays. Resolve the problem and then run the procedure again, starting with logging in to Set or Delete HCS Certificate.
    Note: If the Security Alert dialog box for the certificate opens at other times, click View Certificate to confirm that the certificate is correct and then click Yes.