Generating a custom private key and SSL certificate
The
SMU already contains a default private key from which a CSR can be generated. Default values include:
- Common name (CN) uses the SMU host name, but other values are static (for example: OU=., O=HDS, L=San Jose, ST=CA, C=US)
- Valid for 397 days
- Key length of 2,048 bits
From the SMU CLI, enter cert-showall.sh to display these default certificate values.
NoteSee the
Hitachi Unified Storage File Module System Access Guide for directions on how to access the
SMU CLI.
To generate a custom private key using other values:
Procedure
SSH in to the SMU as the user manager, enter su- and enter the root password.
Enter cert-gencustom.sh
Enter the requested information as the prompts appear (pressing Enter accepts the default).
- Organizational Unit (OU)
- Organization (O)
- Location (L)
- State (ST)
- Country (C)
- Valid Period (in days)
- Key Size (for example: 1024, 2048 – the key length must be divisible by 64)
Restart the web server when prompted so that it can start to use the new SSL certificate.
Close and restart any browsers that are connected to the SMU.
Restarting the browser is required to purge the browser of any previously negotiated SSL session values. When logging into SMU after restarting the browser, the new SSL certificate will be provided.To back up the private key and certificate, navigate to Backup, and save the resulting zip file to a safe and secure location.
The zip file contains a full backup of the SMU’s configuration. The , then clicksmu.keystore
file within the zip file contains the SMU’s private key.