To use certificates for SSL communication with the SMI-S provider, you must upload the private key and the signed server certificate (public key) to the SMI-S provider. Use the following procedure to upload and update certificates.
Important: When the storage management software is updated, the private key and signed public key certificate might be reset to their defaults. If this happens, you need to upload the private key and signed public key certificate to the SVP again.
Before you begin, ensure that the following prerequisites are met:
- You must have the Storage Administrator (View & Modify) role to perform this task.
- A private key (.key file) must have been created. Rename the file to server.key if it does not already have that name. See Creating a private key using the OpenSSL command.
- The passphrase for the private key (server.key file) has been released, so that the key file is no longer passphrase-protected.
- A signed public key certificate (.crt file) has been acquired. Rename the file to server.crt if it does not already have that name. See Creating a public key using the OpenSSL command.
- The private key (.key file) is in PEM format. (You cannot use the DER format.)
- The signed public key certificate (.crt file) is in X.509 PEM format. (You cannot use the X.509 DER format.) See Obtaining a self-signed certificate. The extended profile fields in the X.509 certificate support the following items as specified in RFC 5280:
  - BasicConstraints
  - KeyUsage
  - SubjectKeyIdentifier
  - SubjectAltName
- If an intermediate certificate exists, prepare a signed public key certificate (server.crt file) that has a certificate chain that includes the intermediate certificate.
- The certificate chain of the certificate to be uploaded must have 5 tiers or fewer, including the root CA certificate.
- The public key encryption method for the certificate to be uploaded must be RSA.
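
The format, passphrase, RSA and chain-length prerequisites above can be checked locally before the upload. The following shell function is an added example, not part of the vendor procedure; it assumes the openssl CLI is installed and that the server certificate is the first certificate in server.crt.

```shell
#!/bin/sh
# Added example: pre-upload checks for server.key and server.crt.
# Returns 0 only if every check passes; problems are reported on stderr.
check_smis_cert() (
    key=$1; crt=$2; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    [ -r "$key" ] && [ -r "$crt" ] || { echo "FAIL: cannot read input files" >&2; exit 2; }

    # PEM, not DER: both files must carry PEM armor lines.
    grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$key" || fail "$key is not PEM"
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$crt" || fail "$crt is not X.509 PEM"

    # The passphrase must already be released: reject encrypted keys
    # (traditional "Proc-Type: 4,ENCRYPTED" header or encrypted PKCS#8).
    if grep -Eq -e '^(Proc-Type:.*ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$key"; then
        fail "$key is still passphrase-protected"
    fi

    # The key must be RSA: "openssl rsa" rejects other key types.
    # The empty -passin value keeps openssl from prompting.
    kpub=$(openssl rsa -in "$key" -passin pass: -pubout 2>/dev/null) ||
        fail "$key is not a usable RSA key"

    # The first certificate in server.crt must carry the same public key.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        fail "cannot parse first certificate in $crt"
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
        fail "certificate does not match private key"

    # Chain limit: 5 tiers including the root CA certificate.
    # Assumption: this counts certificates present in the file; if the
    # root CA certificate is not bundled, the real tier count is one higher.
    n=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$crt" || true)
    [ "${n:-0}" -le 5 ] || fail "$crt holds $n certificates (limit is 5 tiers)"

    exit "$rc"
)
```

Call it as `check_smis_cert server.key server.crt` in the directory that holds the files to be uploaded.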