Skip to main content
Hitachi Vantara Knowledge

Generating a custom private key and SSL certificate

The SMU already contains a default private key from which a CSR can be generated. Default values include:
  • Common name (CN) uses the SMU host name, but other values are static (for example: OU=., O=Hitachi, L=San Jose, ST=CA, C=US)
  • Valid for 3,650 days (10 years)
  • Key length of 2,048 bits

From the SMU CLI, enter cert-showall.sh to display these default certificate values.

NoteSee the Hitachi Unified Storage File Module System Access Guide for directions on how to access the SMU CLI.

To generate a custom private key using other values:

Procedure

  1. SSH in to the SMU as the user manager, enter su- and enter the root password.

  2. Enter cert-gencustom.sh

  3. Enter the requested information as the prompts appear (pressing Enter accepts the default).

    • Organizational Unit (OU)
    • Organization (O)
    • Location (L)
    • State (ST)
    • Country (C)
    • Valid Period (in days)
    • Key Size (for example: 1024, 2048 – the key length must be divisible by 64)
    After the system confirms the input, it generates a new private key and self-signed certificate.
  4. Restart the web server when prompted so that it can start to use the new SSL certificate.

  5. Close and restart any browsers that are connected to the SMU.

    Restarting the browser is required to purge the browser of any previously negotiated SSL session values. When logging into SMU after restarting the browser, the new SSL certificate will be provided.
  6. To back up the private key and certificate, navigate to Home SMU Administration SMU Backup and Restore, then click Backup, and save the resulting zip file to a safe and secure location.

    The zip file contains a full backup of the SMU’s configuration. The smu.keystore file within the zip file contains the SMU’s private key.