VNX Series, Unisphere
Attempt to connect to Unisphere via SP IP address hangs on the certificate page. Cannot access the SP setup page.
SP is pingable, Remotely Anywhere is accessible and naviseccli commands are working.
This behavior can be caused by an invalid digital signature on the SP certificate. Support can verify if there is an issue with the SP certificate.
If the issue is identified a new certificate can be uploaded to the SP via command line. The following steps need to be carried out to package the new temporary certificate (steps are for a Windows 7 machine):
1. Go to http://slproweb.com/products/Win32OpenSSL.html, download openSSL, then install the kit.
2. Create 1024-bit private key;
C:\OpenSSL-Win32\bin>openssl genrsa -out testMD5.key 1024
3. Create the corresponding certificate request;
C:\OpenSSL-Win32\bin>openssl req -new -key testMD5.key -config "C:\OpenSSL-Win32\bin\openssl.cfg" -out testMD5.csr
WARNING: can't open config file: /usr/local/ssl/openssl.cnf * This can be ignored, not relevant to windows
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Massachusetts
Locality Name (eg, city) :Southboro
Organization Name (eg, company) [Internet Widgits Pty Ltd]:EMC Corporation
Organizational Unit Name (eg, section) :CLARiiON
Common Name (e.g. server FQDN or YOUR name) :<SP IP address>
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :123456
An optional company name :
4. Create the self-signed certificate with MD5 signature;
C:\OpenSSL-Win32\bin>openssl x509 -req -days 365 -in testMD5.csr -signkey testMD5.key -out testMD5.crt -md5
5. Package the key and certificate into a pfx file;
C:\OpenSSL-Win32\bin>openssl pkcs12 -export -out testMD5.pfx -inkey testMD5.key -in testMD5.crt
This will create a file named testMD5.pfx in the C:\OpenSSL-Win32\bin> directory which is used in the following command to upload the certificate to the SP:
naviseccli -h <SP IP address> security -pkcs12upload -file c:\OpenSSL-Win32\bin\testMD5.pfx -passphrase 123456
If the command is successful you should now be able to access Unisphere/setup page. A new self signed certificate should be generated from the SP setup page.
For more information on this, refer primus solution “emc315591”.