To use a certificate for SSL communications between the SVP and the client PC, you must upload the private key and signed public key certificate to the SVP. Use the following procedure to upload a certificate by using the certificate update tool.
The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
- SubjectAltName
Note: When the storage management software is updated, the private key and signed public key certificate might be returned to default. If this happens, you need to upload the private key and signed public key certificate to the SVP again.
- The private key (server.key file) must have been created. If the file name is not server.key, rename it to server.key.
- The signed public key certificate (server.crt file) must have been obtained. If the file name is not server.crt, rename it to server.crt.
- The private key (server.key file) and the signed public key certificate (server.crt file) must be in X509 PEM format. Do not use a certificate in X509 DER format.
- If an intermediate certificate exists, you must prepare a signed public key certificate (server.crt file) in a certificate chain that contains the intermediate certificate.
- The certificate chain for the certificate to be uploaded must have 5 tiers or fewer including the root CA certificate.
- The following GUM firmware version is required to update a certificate file to a certificate file in a certificate chain that contains the intermediate certificate and root CA certificate:
- 93-02-01-xx/xx or later
- 88-06-01-xx/xx or later
- The public key encryption method for the certificate to be uploaded must be RSA.
- All users must be logged out of Device Manager - Storage Navigator.