Execute the SSL communication with Device Manager - Storage Navigator installed on the SVP as a client and with the controller of the storage system as a server. Upload the private key and the signed server certificate (public key) to the SVP for using the SSL communication.
The extended profile fields in the X.509 certificate support the following items as specified in RFC5280:
- BasicConstraints
- KeyUsage
- SubjectKeyIdentifier
Use the following procedure to upload the certificate using the certificate update tool.
- The private key for the web server and the signed public key certificate must be updated in the maintenance utility.
- The private key (server.key file) and signed public key certificate (server.crt file) must be in X509 PEM format or X509 DER format.
- If an intermediate certificate exists, you must prepare a signed public key certificate (server.crt file) in a certificate chain that contains the intermediate certificate.
- The number of tiers of the certificate chain for the certificate to be uploaded must be 5 tiers or less including the root CA certificate.
- The GUM firmware version 93-02-01 or later is required to update a certificate file to a certificate file in a certificate chain that contains the intermediate certificate and root CA certificate.
- The public key encryption method for the certificate to be uploaded must be RSA.
- All users must be logged out of Device Manager - Storage Navigator.
Verify that the uploaded certificate is valid by checking that the Maintenance Utility window opens. For details and instructions, see Checking the web server certificate uploaded to the SVP.