Skip to main content
Outside service Partner
Hitachi Vantara Knowledge

How to set SSL settings for VSP Gx00

 

Objective

This is supplemental information that helps to understand SSL security setting for VSPGx00 (HM800).

Environment

  • Virtual Storage Platform (VSP)
  • VSP Gx00
  • SVP

Procedure

Please note that using one certificate for SVP configuration parameters has been tested and works fine.  This artilces addresses steps in updating certificates that was missing in the documentation.

 Figure 1 below illustrates the context of the certificates Connections Path, Upload Target, and the Certificate itself.

Figure 1.  Certificate Connection Path

 

Table 1 below provides SSL Connection path context.

 

Table 1.  SSL Connection Matrix

#

Connection Path

Upload Target

Certificate

A

Between SVP and Management Client

SVP

(1) SSL Certificate between SVP and Management Client

B

Between SVP and Storage System

SVP and Storage System

(2) Certificate for SVP connection

(3) Certificate for Web server connection

C

Between Management Client and Storage System.

SVP and Storage System

(3) Certificate for Web server connection

 

Notes:

  • Only one/single certificate is involve.
  • Certificate (1), (2), and (3) depicted in Figure 1 Certificate Connection Path illustration and on Table 1 SSL Connection Matrix above is the same certificate.
  • A, B, and C refers to the same in Figure 1 connection path illustration and Table 1 SSL connection matrix above.

Example Case:

[Investigation Result]

  • The certificate for web server connection (3) was uploaded to Storage System but was not uploaded to the SVP.
  • When Maintenance Utility was launched from SVP Storage Navigator, and SSL handshake occurred, error 20122-207001 was generated because certificate (3) was not uploaded to SVP.

 

In the procedure “Updating a signed certificate”, the certificate (1) in A was updated and is different from the certificate (3).

There is no evidence in the logs by which the certificate (3) was uploaded in the dump provided.

It was determined that the issue occurred because the certificate (3) was not uploaded to SVP.

 

[Action Plan]

  • Upload certificate for (2) and (3) to SVP
  • Use the same certificate (2) and (3) that was used and uploaded through

SVP Storage Navigator  >Maintenance Utility  >Menu  >System Management  >”Update Certificate Files” prompt depicted on Figure 1.

Procedure 1  Update certificate (2):

Requirements:

    - Updated secret key and signed public key certificate in Storage System.

    - The secret key (server.key file) and signed public key certificate (server.crt) in X509PEM or X509DER type.

Procedure

     1. Please open Windows command prompt as administrator.

     2. Change directory to C:\MAPP\wk\Supervisor\MappIniSet\ directory.

     3. Execute the MappL7SwitchGumSslCrtUpdate.bat as follows:

 

          mappL7SwitchGumSslCrtUpdate.bat <absolute-path_certificate-file>

Note: Specify absolute path of certificate file.

Figure 2.  mappL7SwitchGumSslCrtUpdate.bat  command example:

 

Procedure 2 - Update certificate (3):

Requirements:

    - Updated secret key and signed public key certificate in Storage System.

    - The secret key (server.key file) and signed public key certificate (server.crt) must be in X509PEM or X509DER type.

     - All user must logout of Storage Navigator

Procedure

     1. Please open Windows command prompt as administrator.

     2. Change directory to C:\MAPP\wk\Supervisor\MappIniSet\ directory.

     3. Execute the MappSn2GumSslCrtUpdate.bat as follows:

 

          MappSn2GumSslCrtUpdate.bat <absolute-path_certificate-file>

 

Note: Specify absolute path of certificate file.

 

Figure 3.  MappSn2GumSslCrtUpdate.bat  command example:

 

 

Additional Notes

See Also

  • Service Processor (SVP) Technical Reference FE-94HM8036  - Setting up SSL encryption
  • VSPGx00(HM800/DW800) Maintenance Manual FE-94HM8002 - MAINTENANCE PC SECTION - 3.15 Update Certificate Files
  • System Administrator Guide MK-94HM8016 - Setting up security