Uploading a signed certificate to the SMI-S provider

System Administrator Guide for Virtual Storage Platform E Series

Version
93-07-0x
Audience
anonymous
Part Number
MK-97HM85028-18

To use certificates in SSL communication with the SMI-S provider, you must update and upload the private key and the signed server certificate (public key) to the SMI-S provider to update the certificate. Use the following procedure to upload and update certificates.

Important: When the storage management software is updated, the private key and signed public key certificate might be returned to default. If this happens, you need to upload the private key and signed public key certificate to the SVP again.

Ensure that the following items have been completed:

  • You must have the Storage Administrator (View & Modify) role to perform this task.
  • A private key (.key file) must have been created. Change the file name to server.key unless the file is already named that. See Creating a private key using the OpenSSL command.
  • The passphrase for the private key (server.key file) is released.
  • A signed public key certificate (.crt file) has been acquired. Change the file name to server.crt unless the file is already named that. See Creating a public key using the OpenSSL command.
  • The private key (.key file) is in PEM format. (You cannot use the DER format.)
  • The signed public key certificate (.crt file) is in X509 PEM format. (You cannot use the X509 DER format.) See Obtaining a self-signed certificate.
    The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
    • BasicConstraints
    • KeyUsage
    • SubjectKeyIdentifier
    • SubjectAltName
  • If an intermediate certificate exists, prepare a signed public key certificate (server.crt file) that has a certificate chain that includes the intermediate certificate.
  • The number of tiers of the certificate chain for the certificate to be uploaded must be 5 tiers or less including the root CA certificate.
  • The public key encryption method for the certificate to be uploaded must be RSA.
  1. Log in to the SVP.
  2. Close all Device Manager - Storage Navigator sessions on the SVP.
  3. On the SVP, start Windows command prompt as an Administrator.
  4. Move the current directory to the directory where the tool MappApacheCrtUpdate.bat exists (for example, C:\MAPP\wk\Supervisor\MappIniSet), and then execute the following command:
    MappApacheCrtUpdate.bat <absolute-path-of-signed-public-key-certification-file> <absolute-path-of-private-key-file>
    Note:
    • A space is required between MappApacheCrtUpdate.bat and the signed public key certification file path.
    • A space is required between the signed public key certification file path and the private key file path.
  5. When the completion message appears, press any key to acknowledge the message and close the message box.
  6. Close the command prompt window.