To enable an SSL/TLS connection to VSP One SDS Block using a certificate, import the applicable private key and a signed certificate for the applicable public key to VSP One SDS Block and update the certificate.
-
Required role: Security
-
The applicable private key must be created beforehand.
-
A signed certificate for the applicable public key must be obtained beforehand.
-
The private key format must be PEM or DER.
-
The format of the signed certificate for the public key must be X509.
-
The passphrase for the private key must be canceled.
-
Server certificates that can be imported are paired with private keys.
-
If you import a server certificate in RSA format, a key length in the range from 1024 to 8192 bits is supported. The recommended key length is 2048 bits or longer. If you import a server certificate in ECC format, you can use one of the following Elliptic Curves: prime256v1, secp384r1, and secp521r1.
-
The fields in the extended profile of an X.509 certificate support the following fields as specified in RFC 5280:
-
Basic Constraints
-
Key Usage
-
Subject Key Identifier
-
Authority Key Identifier
-
Certificate Policies
-
Subject Alternative Name
-
Name Constraints
-
Policy Constraints
-
Extended Key Usage
-
Inhibit anyPolicy
-
-
The number of layers in the certificate chain should be no more than 10, including the root CA certificate.