How to replace self-signed SSL certificates on VNX Storage Processors with certificates signed by a local Certificate Authority

Product:

 

VNX

 

Description:

 

How to replace self-signed SSL certificates on VNX Storage Processors with certificates signed by a local Certificate Authority

 

Fix

 

The procedure to import a signed SSL certificate to the SP is as follows:


  1. Use a browser to connect to the setup page for SPA.  Connect to https://<SPA_IP_address>/setup and log in with the "sysadmin" account.
  2. Click on "Manage SSL/TLS Certificate".
  3. In the Certificate Management page, click on the "Generate a Certificate Signing Request" and fill in the requested information. "Domain Name" and "Alias" are both the name of the SP.
  4. In the “Certificate Signing Request” page, click on the “Generate a Certificate Signing Request”
  5. In the “Certificate Signing Request” page, click “Back” to return to the Certificate Management Page.
  6. In the Certificate Management page, click on the “Export the Certificate Signing Request”
  7. In the “View certificate signing Request” page, copy the data in the box to a file named: SPA_csr.crt.  An example of that text is below.  Make sure you copy ALL of the text, including the "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----".

    -----BEGIN CERTIFICATE REQUEST-----
    MIIDFjCCAf4CAQAwgbExETAPBgNVBAsTCENMQVJpaU9OMRgwFgYDVQQKEw9FTUMg
    Q29ycG9yYXRpb24xEjAQBgNVBAcTCVNvdXRoYm9ybzEWMBQGA1UECBMNTWFzc2Fj
    aHVzZXR0czELMAkGA1UEBhMCVVMxGDAWBgNVBAMTD0RBV0VTRE5JVlgwMVNQQTEV
    MBMGA1UEAxMMMTAuMTAuMjU0Ljk1MRgwFgYDVQQDEw9EQVdFU0ROSVZYMDFTUEEw
    ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhSo0644+m9O5NZDgkrrfl
    p8H4yCGRWGnX/iqcq534Nin+isu7cQfEghX0ICL3sLuGkbCsaO/OCZbifOV8Eh5j
      <    ... s n i p ...     >
    AgMBAAGgHzAdBgkqhkiG9w0BCQ4xEDAOMAwGA1UdDwQFAwMH/4AwDQYJKoZIhvcN
    AQEFBQADggEBAGxqwIO8VyZ1uneOs7YX9luJpjB01VC5rZq6adnTMFyBbYhST8cG
    hpTXFQ/nFki3xc5EXgrBrXYZ5K6GxwwogdsXWC4dp+XW+PJeYAaRFc0iBokMjymv
    M/Y0emq3e7KSolTymvxTHztGm45ERJ4MI2oOzyahOOS5bujdx49q72iOYraiboP5
    5FCgm9lltRZ3ouPsT6p5WZBsA1WKD8FjybFFQ2Aq35UNdfDqgB37SwEZeW45gLuv
    iujqLhpQiWXAvAt/9XTzhRNosIOMLP1ebCzuqNOG24G8qbw/rryBWQ6LZYHtyVIC
    YEJm7hcaJHEURudA9yvMQq9Eu7caCvL2Lbg=
    -----END CERTIFICATE REQUEST-----
  8. Repeat steps 1-7 for SP B.
  9. Submit the two files to the local Certificate Authority in order to get SSL Signing Certificates generated.


Once you have received the certificate files, import each certificate to each individual SP.


  1. Log back in to SPA and click on "Manage SSL/TLS Certificate."
  2. In the Certificate Management page, select "Import Signed Certificate."
  3. In the Submit Certificate page, copy the contents of the certificate file you received into the box and click "Submit the Certificate."
  4. Repeat steps 1-3 for SPB.

 

 

For more information, Refer EMC Knowledgebase article emc323313