To use SSL-encrypted communication, you must update and upload the private key and the signed server certificate (public key) to the management client.
The extended profile fields in the X.509 certificate support the following items as specified in RFC 5280:
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
- subjectAltName
Important: Before updating a signed certificate, review the following information:
- While the SVP certificate is being updated, tasks that are being run or scheduled to run on Device Manager - Storage Navigator are not executed.
- Certificates for RMI communication are updated asynchronously. The process takes about 2 minutes.
- If the SVP certificate is updated while Ops Center Administrator or Hitachi Command Suite is being set up, the setup operation will fail.
- Updating the SSL certificate might change the system drastically and could lead to SVP failure. Carefully review the content of the certificate and private key before you set them.
- After the certificate update is complete, the SVP can take 30 to 60 minutes to restart depending on the environment.
- You must have the Storage Administrator (Initial Configuration) role to perform this task.
- You must be logged in to the SVP or management client.
- A private key (.key file) has been created. Make sure that the file name is server.key.
- The passphrase for the private key (server.key file) has been released.
- A signed public key certificate (.crt file) has been acquired. Make sure that the file name is server.crt.
- The private key (.key file) must be in PEM format. You cannot use DER format.
- The signed public key certificate (.crt file) must be in X.509 PEM format. You cannot use X.509 DER format.
- The passphrase for the private key (server.key file) must be released.
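
The file-format prerequisites above can be checked before the upload. The following pre-flight check is an added example, not part of the product or its documentation: it verifies the file names, rejects DER input, and detects a private key whose passphrase has not been released, treating "released" as meaning the key file is no longer encrypted. The names `check_upload_file` and `sample_pem` are hypothetical, and the sample data is constructed.

```python
import base64
import binascii
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)
PLAIN_KEY_LABELS = (b"PRIVATE KEY", b"RSA PRIVATE KEY", b"EC PRIVATE KEY")

def check_upload_file(name, data):
    """Return a list of problems for one upload file; an empty list means it passes."""
    if name not in ("server.key", "server.crt"):
        return [f"{name}: file must be named server.key or server.crt"]
    m = PEM_RE.search(data.replace(b"\r\n", b"\n"))
    if m is None:
        # DER is bare ASN.1: it starts with a SEQUENCE tag (0x30) and has no BEGIN/END lines.
        kind = "DER" if data[:1] == b"\x30" else "unrecognized"
        return [f"{name}: {kind} encoding, PEM is required"]
    label, body = m.group(1), m.group(2)
    problems = []
    # A passphrase shows up as a PKCS#8 "ENCRYPTED" label or a traditional Proc-Type header.
    encrypted = label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body
    if name == "server.crt" and label != b"CERTIFICATE":
        problems.append(f"{name}: PEM label is {label.decode()}, expected CERTIFICATE")
    elif name == "server.key" and encrypted:
        problems.append(f"{name}: passphrase has not been released")
    elif name == "server.key" and label not in PLAIN_KEY_LABELS:
        problems.append(f"{name}: PEM label is {label.decode()}, expected a private key")
    try:
        # Skip any header lines; an unencrypted payload must decode to an ASN.1 SEQUENCE.
        payload = b"".join(body.split(b"\n\n")[-1].split())
        der = base64.b64decode(payload, validate=True)
        if not encrypted and der[:1] != b"\x30":
            problems.append(f"{name}: PEM payload is not an ASN.1 structure")
    except binascii.Error:
        problems.append(f"{name}: PEM payload is not valid base64")
    return problems

# Constructed samples: the payload is a 5-byte ASN.1 stub, not a real key or certificate.
STUB_DER = b"\x30\x03\x02\x01\x00"

def sample_pem(label, headers=""):
    b64 = base64.b64encode(STUB_DER).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n".encode()

if __name__ == "__main__":
    enc_hdr = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    for name, data in [("server.key", sample_pem("RSA PRIVATE KEY")),
                       ("server.key", sample_pem("RSA PRIVATE KEY", enc_hdr)),
                       ("server.crt", STUB_DER)]:
        print(name, check_upload_file(name, data) or "OK")
```

This check covers only the encoding and passphrase prerequisites; it does not parse the certificate, so the extension fields and the key/certificate pairing still need to be reviewed separately.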