Before uploading the SSL certificate, you must upload and update the certificate for “Connect to SVP” and the certificate for “Web server” that are used for SSL communications between the management client and the storage system and between the SVP and the storage system.
The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
Note: When the storage management software is updated, the private key and signed public key certificate might be returned to default. If this happens, you need to upload the private key and signed public key certificate to the SVP again.
- The certificate files must be in PKCS#12 format.
- If you have a server certificate file and a private key file that are in PEM format, you need to convert the certificates to PKCS#12 format. Also, register the server certificate files before conversion in the SVP.
- If an intermediate certificate exists, you must prepare a signed public key certificate in a certificate chain that contains the intermediate certificate.
- The number of tiers of the certificate chain for the certificate to be uploaded must be 5 tiers or less including the root CA certificate.
- The following GUM firmware version is required to update a certificate file to a certificate file in a certificate chain that contains the intermediate certificate and CA certificate:
- 93-02-01-xx/xx or later
- 88-06-01-xx/xx or later
- The public key encryption method for the certificate to be uploaded must be RSA.