Uploading the signed certificate for SSL communication between the SVP and management client to the SVP

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Version
88-08-0x
Audience
anonymous
Part Number
MK-97HM85028-11

To use a certificate for SSL communications between the SVP and the client PC, you must upload the private key and signed public key certificate to the SVP. Use the following procedure to upload a certificate by using the certificate update tool.
The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
  • BasicConstraints
  • KeyUsage
  • SubjectKeyIdentifier
  • SubjectAltName
Note: When the storage management software is updated, the private key and signed public key certificate might be returned to default. If this happens, you need to upload the private key and signed public key certificate to the SVP again.
  • The private key (server.key file) must have been created. If the file name is not server.key, rename it to server.key.
  • The signed public key certificate (server.crt file) must have been obtained. If the file name is not server.crt, rename it to server.crt.
  • The private key (server.key file) and the signed public key certificate (server.crt file) must be in X509 PEM format. Do not use a certificate in X509 DER format.
  • If an intermediate certificate exists, you must prepare a signed public key certificate (server.crt file) in a certificate chain that contains the intermediate certificate.
  • The certificate chain for the certificate to be uploaded must have 5 tiers or fewer including the root CA certificate.
  • The following GUM firmware version is required to update a certificate file to a certificate file in a certificate chain that contains the intermediate certificate and root CA certificate:
    • 93-02-01-xx/xx or later
    • 88-06-01-xx/xx or later
  • The public key encryption method for the certificate to be uploaded must be RSA.
  • All users must be logged out of Device Manager - Storage Navigator.
  1. On the SVP, start a Windows command prompt as Administrator.
  2. Move the current directory to the directory containing the certificate update tool MappApacheCrtUpdate.bat.
  3. Run the following commands:
    cd /d C:\Mapp\wk\Supervisor\MappIniSet
    MappApacheCrtUpdate.bat absolute-path-of-the-certificate-file absolute-path-of-the-private-key-file

    In this command, C:\MAPP indicates the installation directory of the storage management software and SVP software. If the installation directory is not C:\Mapp, replace C:\Mapp with your installation directory.

  4. When prompted, press any key to continue.
  5. When the processing is complete, you can close the command prompt.