Before using a certificate for SSL communications between the SVP and the storage system, you need to upload the signed public key certificate to the SVP.
The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
- The private key for the storage system and the signed public key certificate must be updated in the maintenance utility.
- The signed public key certificate (server.crt file) must be in X509 PEM format.
- If an intermediate certificate exists, you must prepare a signed public key certificate (server.crt file) in a certificate chain that contains the intermediate certificate.
- The number of tiers of the certificate chain for the certificate to be uploaded must be 5 tiers or less including the root CA certificate.
- The following GUM firmware version is required to update a certificate file to a certificate file in a certificate chain that contains the intermediate certificate and CA certificate:
- 93-02-01-xx/xx or later
- 88-06-01-xx/xx or later
- The public key encryption method for the certificate to be uploaded must be RSA.
- All users must be logged out of Device Manager - Storage Navigator.