Verifying the SVP server certificate

System Administrator Guide for VSP 5000 Series

Version
90-09-2x
Audience
anonymous
Part Number
MK-98RD9009-16

If you updated the initial SVP certificate, you can verify whether the connection destination is correct by registering the server certificate or self-signed certificate for the SVP on the Device Manager - Storage Navigator (HDvM - SN) management client. When verification is enabled, if verification fails, the communication is interrupted, and starting the HDvM - SN secondary window fails. Even when verification is disabled, verification processing is performed. In this case, if verification fails, a confirmation window appears indicating the following message:

The certificate security verification for the TLS communication cannot be performed. Are you sure you want to stop the certificate security verification to continue the connection?
        

After you click Confirm, the communication continues.

If the server certificate registered on the SVP is a signed public key certificate issued by a Certificate Authority (CA), register the root certificate of the CA on the HDvM - SN management client. If the server certificate is a self-signed certificate, register the server certificate registered on the SVP onto the HDvM - SN management client. A certificate that can be registered on the HDvM - SN management client is in X509 PEM or X509 DER format.

Table.
Verification item What is verified? Note
Validity period verification Verifies whether the server certificate is within the validity period. Before you verify the validity, ensure that the validity period for the server certificate registered on the SVP is not expired.
Revocation verification Verifies whether the server certificate is not invalidated by using the CRL (list of digital certificates that were invalidated before the expiration date) or OCSP (online check). You need a network environment in which the CRL repository or OCSP responder can be accessed from the HDvM - SN management client.
SAN/CN verification Verifies whether the host name (including FQDN) or IP address (IPv4 or IPv6) that is specified for SAN (Subject Alternative Name: additional name that is an extension of CN) or CN (Common Name) in the server certificate is the same as the connection destination. The host name or IP address of the SVP that you specify as the connection destination on the HDvM - SN management client must be contained in SAN or CN in the server certificate registered on the SVP. For the IP address, specify the IP address displayed in the HDvM - SN main window.
Certificate chain verification Verifies whether the root certificate, intermediate certificates, and server certificate are correctly associated with each other in the certificate chain. If the sever certificate is signed by an intermediate CA, all intermediate certificates including the server certificate must be registered in the certificate to be registered on the SVP.
CAUTION:

If you did not update the initial SVP certificate, disable the verification function to continue the communication as it did before.

If you enable the verification function, verification fails, the communication is interrupted, and starting the HDvM - SN secondary window fails.