Unable to access Unisphere or SP setup page due to certificate issue.

Product:

 

VNX Series, Unisphere

 

Description:

 

Attempt to connect to Unisphere via SP IP address hangs on the certificate page. Cannot access the SP setup page.

SP is pingable, Remotely Anywhere is accessible and naviseccli commands are working.

 

Resolution:

 

This behavior can be caused by an invalid digital signature on the SP certificate. Support can verify if there is an issue with the SP certificate. 

 

 

If the issue is identified a new certificate can be uploaded to the SP via command line. The following steps need to be carried out to package the new temporary certificate (steps are for a Windows 7 machine):


1. Go to http://slproweb.com/products/Win32OpenSSL.html, download openSSL, then install the kit.

 

2. Create 1024-bit private key;

  C:\OpenSSL-Win32\bin>openssl genrsa -out testMD5.key 1024

 

3. Create the corresponding certificate request;

  C:\OpenSSL-Win32\bin>openssl req -new -key testMD5.key -config "C:\OpenSSL-Win32\bin\openssl.cfg" -out testMD5.csr

 

Output: 

 

  WARNING: can't open config file: /usr/local/ssl/openssl.cnf  * This can be ignored, not relevant to windows
  Loading 'screen' into random state - done
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) [AU]:US
  State or Province Name (full name) [Some-State]:Massachusetts
  Locality Name (eg, city) []:Southboro
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:EMC Corporation
  Organizational Unit Name (eg, section) []:CLARiiON
  Common Name (e.g. server FQDN or YOUR name) []:<SP IP address>
  Email Address []:

  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:123456
  An optional company name []:

 

4. Create the self-signed certificate with MD5 signature;

  C:\OpenSSL-Win32\bin>openssl x509 -req -days 365 -in testMD5.csr -signkey testMD5.key -out testMD5.crt -md5

 

5. Package the key and certificate into a pfx file;

  C:\OpenSSL-Win32\bin>openssl pkcs12 -export -out testMD5.pfx -inkey testMD5.key -in testMD5.crt


This will create a file named testMD5.pfx in the C:\OpenSSL-Win32\bin> directory which is used in the following command to upload the certificate to the SP:

 

  naviseccli -h <SP IP address> security -pkcs12upload -file c:\OpenSSL-Win32\bin\testMD5.pfx -passphrase 123456

 

If the command is successful you should now be able to access Unisphere/setup page. A new self signed certificate should be generated from the SP setup page.

 

 

For more information on this, refer primus solution “emc315591”.