Uploading a signed certificate to the SMI-S provider

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-08-0x
Audience
anonymous
Part Number
MK-97HM85028-11

To use certificates in SSL communication with the SMI-S provider, you must update and upload the private key and the signed server certificate (public key) to the SMI-S provider to update the certificate. Use the following procedure to upload and update certificates using a certificate update tool.

Ensure that the following items have been completed:

  • You must have the Storage Administrator (View & Modify) role to perform this task.
  • A private key (.key file) has been created. Change the file name to server.key unless the file is already named that. See Creating a private key using the OpenSSL command.
  • The passphrase for the private key (server.key file) is released.
  • A signed public key certificate (.crt file) has been acquired. Change the file name to server.crt unless the file is already named that. See Creating a public key using the OpenSSL command.
  • The private key (.key file) is in PEM format. (You cannot use the DER format.)
  • The signed public key certificate (.crt file) is in X509 PEM format. (You cannot use the X509 DER format.) See Obtaining a self-signed certificate.
  • When using TLS1.2, you must set the cipher suites corresponding to the key type of the certificate that is uploaded to the SVP or the SMI-S provider.

    Verify the settings of the cipher suites on the TLS Security Settings dialog box using the Tool Panel dialog box:

    • If the key type is RSA, select a cipher suite whose name contains “RSA”.
    • If the key type is ECDSA, select a cipher suite whose name contains “ECDSA”.

    If the cipher suites corresponding to the key type of the certificate are not set, you cannot connect the storage system using the management software.

  1. Close all Device Manager - Storage Navigator sessions on the SVP.
  2. On the Device Manager - Storage Navigator computer, open a web browser and enter the following URL to open the Tool Panel dialog box.
    http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi
  3. In the Tool Panel dialog box, click Update Certificate Files for SMI-S. The login dialog box for Update Certificate Files for SMI-S opens.
    If SSL communication has been established, the Security Alert dialog box opens before the login dialog box. In the Security Alert dialog box, click OK.
  4. In the login dialog box for Update Certificate Files for SMI-S, enter the administrator's user ID and password, and click Login. The upload dialog box for Update Certificate Files for SMI-S opens.
  5. In the upload dialog box for Update Certificate Files for SMI-S, enter both the public key certificate file name in the Certificate file (server.crt file) box and the Private Key file (server.key file) box. You can enter the file names directly or by clicking Browse.
  6. Click Upload. The execution confirmation dialog box for Update Certificate Files for SMI-S opens.
  7. Click OK to update the certificate. Update of the certificate starts.
    Upon completion of the certificate update, the SMI-S provider restarts to reflect the update.

    Upon completion of the restart of the SMI-S provider, the update completion dialog box for Update Certificate Files for SMI-S opens

  8. In the update completion dialog box for Update Certificate Files for SMI-S, click OK. The display returns to the login dialog box.
    Note: If an error occurs during update of the certificate, an error message displays. Resolve the problem and then run the procedure again, starting with logging in, to upload configuration files for SMI-S.
    Note: If the Security Alert dialog box for the certificate opens at other times, click View Certificate to confirm that the certificate is correct and then click Yes.