To use certificates in SSL communication with the SMI-S provider, you must update and upload the private key and the signed server certificate (public key) to the SMI-S provider to update the certificate. Use the following procedure to upload and update certificates using a certificate update tool.
Ensure that the following items have been completed:
- You must have the Storage Administrator (View & Modify) role to perform this task.
- A private key (.key file) has been created. Change the file name to server.key unless the file is already named that. See Creating a private key using the OpenSSL command.
- The passphrase for the private key (server.key file) is released.
- A signed public key certificate (.crt file) has been acquired. Change the file name to server.crt unless the file is already named that. See Creating a public key using the OpenSSL command.
- The private key (.key file) is in PEM format. (You cannot use the DER format.)
- The signed public key certificate (.crt file) is in X509 PEM format. (You cannot use the X509 DER format.) See Obtaining a self-signed certificate.
-
When using TLS1.2, you must set the cipher suites corresponding to the key type of the certificate that is uploaded to the SVP or the SMI-S provider.
Verify the settings of the cipher suites on the TLS Security Settings dialog box using the Tool Panel dialog box:
- If the key type is RSA, select a cipher suite whose name contains “RSA”.
- If the key type is ECDSA, select a cipher suite whose name contains “ECDSA”.
If the cipher suites corresponding to the key type of the certificate are not set, you cannot connect the storage system using the management software.