Uploading the certificates for “Connect to SVP” and “Web server” to the storage system

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-08-0x
Audience
anonymous
Part Number
MK-97HM85028-11

Before uploading the SSL certificate, you must upload and update the certificate for “Connect to SVP” and the certificate for “Web server” that are used for SSL communications between the management client and the storage system and between the SVP and the storage system.

The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
  • BasicConstraints
  • KeyUsage
  • SubjectKeyIdentifier
Note: When the storage management software is updated, the private key and signed public key certificate might be returned to default. If this happens, you need to upload the private key and signed public key certificate to the SVP again.
  • The certificate files must be in PKCS#12 format.
  • If you have a server certificate file and a private key file that are in PEM format, you need to convert the certificates to PKCS#12 format. Also, register the server certificate files before conversion in the SVP.
  • If an intermediate certificate exists, you must prepare a signed public key certificate in a certificate chain that contains the intermediate certificate.
  • The number of tiers of the certificate chain for the certificate to be uploaded must be 5 tiers or less including the root CA certificate.
  • The following GUM firmware version is required to update a certificate file to a certificate file in a certificate chain that contains the intermediate certificate and CA certificate:
    • 93-02-01-xx/xx or later
    • 88-06-01-xx/xx or later
  • The public key encryption method for the certificate to be uploaded must be RSA.
  1. In the maintenance utility Menu navigation tree, click System Management > Update Certificate Files.
  2. Select the check box for the certificate you want to update, and then specify the certificate file.
    • If you are using Hitachi Storage Advisor Embedded, select Web Server.
      Note: If the storage system does not have an SVP, make sure to clear (uncheck) the check box for Connect to SVP.
    • If you are using Hitachi Device Manager - Storage Navigator, select Web Server or Connect to SVP.
  3. Confirm the settings, and then click Apply.
  4. When the completion message appears, close the dialog box.