If only one storage system is registered in the SVP, you can update the following
SSL certificates in a batch:
- Signed certificate for SSL communication between the SVP and the management client
- Certificate for connecting to the SVP
- Certificate for connecting to the web server on the storage system
Note: The extended profile fields in the X.509 certificate support the
following items as specified in RFC5280:
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
- subjectAltName
- Ensure that only one storage system is registered in the SVP.
- A private key for external communication between the SVP and the management client has been created.
- A signed public key certificate for external communication between the SVP and the management client has been acquired.
- A private key for internal communication for connecting to the SVP or web server and a signed public key certificate must be X509 PEM or X509 DER format.
- All users must be logged out of Hitachi Device Manager - Storage Navigator.
- You must have the Security Administrator (View & Modify) role and Support Personnel (User) role to perform this task.
Create the following parameter file (in JSON format) beforehand. Allowed characters when you specify the path to the certificate in the parameter file are alphanumeric characters, spaces, and symbols: - _ . \ / :.
- "user": "user-name-of-the-account-registered-in-the-storage-system"
- "password": "password-of-the-account-registered-in-the-storage-system"
- "innerConnectionCertPath": "absolute-path-to-the-public-key-certificate-for-internal-communication"
- "innerPrivateKeyPath": "absolute-path-to-the-private-key-for-internal-communication"
- "outerConnectionCertPath": "absolute-path-to-the-public-key-certificate-for-external-communication"
- "outerPrivateKeyPath": "absolute-path-to-the-private-key-for-external-communication"
{ "user": "someuser", "password": "password123", "innerConnectionCertPath": "c:\\sslcert\\innercert.crt", "innerPrivateKeyPath": "c:\\sslcert\\innercert.key", "outerConnectionCertPath": "c:\\sslcert\\outercert.crt", "outerPrivateKeyPath": "c:\\sslcert\\outercert.key" }